
Authenticating Dataedo Portal with Google Workspace

This guide will show you how to set up Dataedo to work with a SAML identity provider. In this example, we'll use Google Workspace as the Identity Provider (IdP), but the steps are similar for other providers.

Initial Configuration in Google Admin Portal

  1. Open the Google Admin Portal.

    • Navigate to Apps > Web and mobile apps.
    • Click Add app > Add custom SAML app.
  2. In the new tab, type a name for the application (for example, "Dataedo Portal") and click Continue.

  3. On the next page, click DOWNLOAD METADATA to save the metadata file for later use, then click Continue.

  4. Configure the following fields:

    • ACS URL: Enter the Dataedo Portal URL followed by /api/api/auth/assertion-consumer (e.g., https://your-dataedo-web.address/api/api/auth/assertion-consumer).
    • Entity ID: Choose a unique identifier without spaces or special characters (e.g., DataedoPortal). Save this value for later use.
  5. Leave the fields on the last page empty and click Finish.

  6. Assign access:

    • Go to User access.
    • Assign the users or groups allowed to log in to Dataedo Portal using Google SAML.

Configuring SAML in Dataedo Portal (Windows)

Update appsettings.json

  1. Navigate to the Dataedo Portal installation directory (default: C:\Dataedo Portal\).

  2. Open the Applications\API\ subfolder.

  3. Right-click and edit the appsettings.json file.

    # This sample contains inline comments for explanation purposes.
    # JSON is a strict format and does not support comments.
    # Remove all comments (#) before using this configuration in your environment.
    {
      "Saml2": {
        # Enter the path to the downloaded metadata file.
        # Example: C:/Dataedo Portal/GoogleIDPMetadata.xml
        "IdPMetadata": "C:/Dataedo Portal/GoogleIDPMetadata.xml",

        # Use the Entity ID configured in Google Admin Portal.
        "Issuer": "GoogleSAMLDataedo",

        # Default: RSA_SHA256. Change if using another signature algorithm.
        # For RSA_SHA1, use http://www.w3.org/2001/04/xmldsig-more#rsa-sha1
        "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",

        # Certificate validation mode. Default is ChainTrust.
        "CertificateValidationMode": "ChainTrust",

        # Revocation mode. Default is NoCheck.
        "RevocationMode": "NoCheck"
      },
      "Saml2Client": {
        # Enter the name displayed during login.
        # Example: Google SAML
        "DisplayName": "Google SAML",

        # Enter your Dataedo Portal address.
        # Example: https://127.0.0.1:4435
        "ClientUrl": "https://127.0.0.1:4435"
      }
    }
  4. Go to IIS Manager, and restart the Dataedo Portal app for changes to take effect.

  5. If you open Dataedo Portal, you'll see the option to log in with Google.


Clicking it will take you to the Google login page or directly to your Dataedo Portal page if you're already logged in.
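
The sample appsettings.json above must have its # comments removed before use, and the SignatureAlgorithm value itself contains a # character. The following Python check is an added example, not Dataedo's own tooling: it removes only whole-line comments, confirms the result parses as JSON, and reports missing keys, an RSA-SHA1 signature algorithm, or a non-HTTPS ClientUrl. The function names are hypothetical, and the embedded sample is a shortened, constructed copy of the file shown on this page.

```python
import json
from urllib.parse import urlparse

# Keys taken from the sample appsettings.json on this page.
REQUIRED = {
    "Saml2": ["IdPMetadata", "Issuer", "SignatureAlgorithm",
              "CertificateValidationMode", "RevocationMode"],
    "Saml2Client": ["DisplayName", "ClientUrl"],
}

def strip_comment_lines(text):
    # Remove only whole-line comments. Cutting at every '#' would truncate
    # the SignatureAlgorithm URI, which contains '#rsa-sha256'.
    return "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("#"))

def check_settings(text):
    """Return (parsed config or None, list of findings)."""
    try:
        cfg = json.loads(strip_comment_lines(text))
    except json.JSONDecodeError as exc:
        return None, [f"not valid JSON after removing comments: {exc}"]
    findings = []
    for section, keys in REQUIRED.items():
        for key in keys:
            if not str(cfg.get(section, {}).get(key, "")).strip():
                findings.append(f"{section}.{key} is missing or empty")
    alg = str(cfg.get("Saml2", {}).get("SignatureAlgorithm", ""))
    if alg.lower().endswith("sha1"):
        findings.append("SignatureAlgorithm is RSA-SHA1, not the default RSA-SHA256")
    url = urlparse(str(cfg.get("Saml2Client", {}).get("ClientUrl", "")))
    if url.scheme != "https" or not url.netloc:
        findings.append("Saml2Client.ClientUrl is not an https:// URL")
    return cfg, findings

# Constructed sample: a shortened copy of the annotated file from this page.
SAMPLE = """
# Remove all comments (#) before using this configuration.
{ "Saml2": {
    # Enter the path to the downloaded metadata file.
    "IdPMetadata": "C:/Dataedo Portal/GoogleIDPMetadata.xml",
    "Issuer": "GoogleSAMLDataedo",
    "SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "CertificateValidationMode": "ChainTrust",
    "RevocationMode": "NoCheck" },
  "Saml2Client": { "DisplayName": "Google SAML", "ClientUrl": "https://127.0.0.1:4435" } }
"""

if __name__ == "__main__":
    print(check_settings(SAMPLE)[1] or "no findings")
```

A comment left at the end of a value line is not stripped, so the file fails to parse and is reported as invalid JSON.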

Configuring SAML in Dataedo Portal (Docker)

Update .env

  1. Open the .env file located alongside the docker-compose.yml file.

  2. Update the Single Sign-On section:

    Single sign-on configuration in docker-compose.yml
    # This sample contains inline comments for explanation purposes.
    # Remove all comments (#) before using this configuration in your environment.

    # Enter the path for the metadata XML file saved on your machine.
    DATAEDO_SSO_IDP_METADATA="/opt/dataedo/idpmetadata/GoogleIDPMetadata.xml"

    # Paste the Entity ID field from Google Admin Portal.
    # This value can be found in Service provider details > Entity ID.
    DATAEDO_SSO_ISSUER="GoogleSAMLDataedo"

    # Specify the signature algorithm. Default is RSA_SHA256.
    # For RSA_SHA1, use http://www.w3.org/2001/04/xmldsig-more#rsa-sha1.
    DATAEDO_SSO_SIGNATURE_ALGORITHM=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256

    # Certificate validation mode. Default is ChainTrust.
    DATAEDO_SSO_CERTIFICATE_VALIDATION_MODE=ChainTrust

    # Revocation mode. Default is NoCheck.
    DATAEDO_SSO_REVOCATION_MODE=NoCheck

    # Enter the display name shown when logging in.
    # This value cannot contain spaces. Use underscores (_) instead if needed.
    DATAEDO_SSO_DISPLAY_NAME="GoogleSAML"

    # Ensure this URL points to your Dataedo Portal application address.
    DATAEDO_SSO_CLIENT_URL="https://yourwebsite.com/"
  3. Restart the Docker container:

    docker-compose up -d
  4. If you open Dataedo Portal, you'll see the option to log in with Google.

Clicking it will take you to the Google login page or directly to your Dataedo Portal page if you're already logged in.

Need help?

If you run into any problems or have questions, reach out to Dataedo support.