Single Sign-On (SSO)

Single Sign-On (SSO) enables users to access Collibra Platform Self-Hosted using a web client, without having to explicitly type their login credentials (username and password).

CPSH provides support for two types of SSO. Each SSO type can be used with or without LDAP (Light-weight Directory Access Protocol), resulting in the following SSO modes:

SAML 2.0, options:
- SSO SAML with attributes sync
- SSO SAML LDAP
SSO through header information, options:
- SSO Header with Collibra Platform Self-Hosted users
- SSO Header with LDAP sync

Tip If you want to use a custom certificate in the SSO configuration for CPSH access, see this section.

This section explains how to:

Choose the most appropriate mode of SSO.
Configure the CPSH for the SSO mode you prefer.

Note

The only supported SAML protocol version in CPSH is SAML 2.0 (urn:oasis:names:tc:SAML:2.0:protocol).
When configuring SAML, in order to obtain the SP metadata from CPSH, sign in and go to https://<your_collibra_url>/rest/2.0/security/saml.
If you want a full SP metadata, go to https://<your_collibra_url>/rest/2.0/security/saml?complete=true.
CPSH only supports assertions to come in through the HTTP-POST binding (as defined in the SP metadata file).
For more information about this subject, see the knowledge base on the Collibra Support Portal.