OpenID Connect

This section includes a general guide for configuring an OpenID provider and guides for specific OpenID providers in Immuta. The getting started section below provides best practices for setup and configuration.

Getting started with OpenID Connect

1. Start by creating a few initial subscription and data policies so that you know the user metadata you will need from your IAM. For example, will user attributes be used to author policies, or will groups also be needed? The subscription and data policies below illustrate the need for both groups and attributes to be imported from the IAM to enforce appropriate access controls:

   1. Subscription policy: Allow all users in the Marketing group to access data sources tagged Marketing.

   2. Data policy: Mask all columns tagged Location except for users with the attribute AccessLevel.Gold.

2. Validate that your provider is supported by Immuta and supports SCIM. If your provider is not listed or does not support SCIM, reach out to your Immuta representative for guidance.

3. Configure your OpenID provider in Immuta with SCIM enabled. Guides for specific providers are linked below.

   1. Okta

   2. OneLogin

Next steps

Once your IAM is configured, complete one of the following tasks:

• Register data in Immuta

• Author policies