OneLogin single sign-on (SSO)

This article shows how to configure OneLogin as the identity provider for Databricks.

Gather required information

  1. Log in to Databricks as an administrator.
  2. Go to the admin console.
  3. Click Single Sign On.
  4. Copy the Databricks SAML URL.

Do not close this browser tab.

Configure OneLogin

  1. In a new browser tab, log in to OneLogin.
  2. Click Administration.
  3. Click Applications.
  4. Click Add App.
  5. Search for SAML Test Connector (Advanced) and click the result by OneLogin, Inc.
  6. Set Display Name to Databricks.
  7. Click Save. The application’s Info tab loads.
  8. Click Configuration.
  9. In the Find Applications field, search for SAML Test Connector.
  10. Select the SAML Test Connector (IdP w/ attr w/ sign response) app.
  11. Set the application name to Databricks.
  12. Click Save. The application’s Configuration tab loads.
  13. Set each of the following fields to the Databricks SAML URL from Gather required information:
    • Audience
    • Recipient
    • ACS (Consumer) URL Validator
    • ACS (Consumer) URL
    • Single Logout URL
    • Login URL
  14. Verify that SAML nameID format is set to Email.
  15. Verify that SAML signature element is set to Response or Both.
  16. Verify that Encrypt assertion is disabled.
  17. Go to the SSO tab. Copy the following values:
    • x.509 certificate
    • Issuer URL
    • SAML 2.0 endpoint (HTTP)

Configure Databricks

  1. Go back to the browser tab for Databricks.
  2. In the admin console, click Single Sign On.
  3. Set Single Sign-On URL to the Issuer URL from OneLogin.
  4. Set Identity Provider Entity ID to the Issuer URL from OneLogin.
  5. Set x.509 Certificate to the x.509 certificate from OneLogin, including the markers for the beginning and ending of the certificate.
  6. Click Enable SSO.
  7. Optionally, click Allow auto user creation.

Test the configuration

  1. In an incognito browser window, go to your Databricks workspace.
  2. Click Single Sign On. You are redirected to OneLogin.
  3. Log in to OneLogin. If SSO is configured correctly, you are redirected to Databricks.

If the test fails, review Troubleshooting.