SAML Protocol
There are additional configuration options available for the SAML 2.0 protocol than are referenced in this guide, which only outlines the required settings. For details about the additional options, see the SAML protocol configuration options reference guide.
Navigate to the Immuta App Settings page.
Scroll to the Identity Management section and click Add IAM.
Complete the Display Name field and select SAML from the Identity Provider Type dropdown.
Take note of the ID and copy the SSO Callback URL to use as the ACS URL in your identity provider.
Adjust Default Permissions granted to users by selecting from the list in this dropdown menu.
Complete the Entry Point field. This is the location of your single sign on application that will be redirected to from the Immuta login page.
Upload your Signing Certificate. This is your identity provider's public signing certificate.
Opt to Enable SCIM support for SAML. Validate that the usernames in your IAM match those in your data platform (Snowflake, Databricks, etc.). If they are incorrect in the IAM or the casing doesn't match, fix the data platform username in the identity provider before configuring SCIM in Immuta.
In the Profile Schema section, map attributes in SAML to automatically fill in a user's Immuta profile. Note: Fields that you specify in this schema will not be editable by users within Immuta.
If usernames in your data platform align with usernames in an external IAM and those accounts align with an IAM attribute, enter the IAM attribute in the field that corresponds to your data platform:
User's Databricks Username
User's Snowflake Username
User's Trino Username
User's Azure Synapse Analytics Username
User's Redshift Username
User's AWS User. After entering the IAM attribute in the User's AWS User field, click the Select AWS User Type from the dropdown and select one of the types below. This is used by the Amazon S3 Integration to map users in Immuta to the corresponding user type in AWS.
None (fallback to Immuta username): When selecting this option, the AWS username is assumed to be the same as the Immuta username.
AWS IAM role: Only a single Immuta user can be mapped to an IAM role. This restriction prohibits enforcing policies on AWS users who could assume that role. Therefore, if using role principals, create a new user in Immuta that represents the role so that the role then has the permissions applied specifically to it.
AWS Identity Center user IDs: You must use the numeric
User ID
value found in AWS IAM Identity Center, not the user's email address.
User's PostgreSQL Username
Click Test Connection and Test User Login.
Save your configuration.
Last updated
Was this helpful?