Use the Identity Federation feature with your Identity Provider (IdP) to let your TD account users sign in to more than one Treasure Data account with a single ID.
A federated identity is defined as a person's electronic identity and attributes, stored in one identity management system and used to validate access to multiple systems. In Treasure Data, the federated identity is used to securely access TD Console.
Limitations
Identity Federation cannot be used with other sign-in methods. For example, Identity Federation cannot be used with Google SSO in Treasure Data. Once the account-level configuration is complete, Google SSO users no longer have sign-in access.
You can configure users to sign in to Treasure Data with their email and password or with Identity Federation. If a user who signs in to Treasure Data only via SSO changes their sign-in method to email/password, they automatically receive a password reset so that they can generate a new password.
Example
Each TD account has a unique set of data and a set of users associated with the account.
For example, you might have three Treasure Data accounts, such as a developer account, test account, and production account. You want to use only one ID and password to access all TD accounts, but you also want to ensure that your login policies are adhered to. Your IdP enforces secure access policies for user authentication. You define your users in the IdP and define Treasure Data as an authorized target application.
You configure your Identity Provider (IdP) to authenticate your Treasure Data users and control the sign-in policy for your users.
Identity Federation provides heightened security and tighter authentication for both on-premises and cloud applications. You can centrally manage all users and their respective permissions through your corporate directory service.
Identity Federation supports IdPs that use the SAML 2.0 protocol, such as Azure Active Directory.
Contact your Customer Success representative if you are interested in enabling the Identity Federation feature on your account.
Next Steps
Continue to the following topics:
- Managing the Sign-In Mode of a User in Identity Federation
- Signing in as a User of Identity Federation
- Action Required When Users are Removed From an IdP
- Identity Federation Configuration Overview