Identity Federation (OIDC/SAML)
Connect Gatana to your organization identity providers
Introduction
You can connect Gatana to any OIDC Core 1.0 or SAML compliant identity provider. For a single user account, Gatana may maintain several identities, matched on the email address. This means that if a user is created with the email tom.smith@mail.com and later signs in through a federated identity with the same email, the resulting account is the same one.
Adding an Identity Provider
To add an identity provider, OIDC or SAML, follow these steps in Gatana App:
- Go to Settings by clicking it in the left sidebar
- Scroll down to Authentication
- Here you can add your OpenID Connect or SAML provider by clicking on Add
OpenID Connect
To see the Redirect URI Gatana uses for your organization, go to Settings and click Add, or Edit for an existing OIDC identity provider configuration. In the dialog that opens, scroll to the bottom. The URL follows this pattern:
https://YOUR_ORG_ID.gatana.ai/oauth/interaction/auth-callback
OIDC Access Token Trust
If you want to use access tokens issued by the OIDC issuer to authenticate requests, enable this setting. When enabled, Gatana accepts any access token that (1) was issued by the configured federated OIDC identity provider and (2) has the configured Client ID as its audience.
If no existing user with a matching sub or email is found, a new user will be provisioned.
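As an added illustration (not Gatana's own code), the following shows the checks a resource server applying that trust rule performs on an incoming bearer token: signature, expected issuer, configured Client ID present in the audience, and expiry. The issuer URL, Client ID and signing secret are constructed values; HS256 with a shared secret stands in for the RS256 key an IdP publishes through its JWKS endpoint.

```python
import base64, hashlib, hmac, json, time

# Constructed values standing in for an organization's OIDC configuration.
ISSUER = "https://idp.example.com"       # assumed issuer URL of the federated IdP
CLIENT_ID = "gatana-client-id-example"   # assumed Client ID configured in Gatana
SECRET = b"constructed-shared-secret"    # stand-in for the IdP signing key (RS256/JWKS in practice)

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(claims: dict, key: bytes = SECRET) -> str:
    """Build a compact HS256 JWT for constructed claims (helper for the demonstration)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def accept_access_token(token: str, issuer=ISSUER, client_id=CLIENT_ID, key=SECRET, now=None) -> tuple:
    """Apply the trust rule: valid signature, expected issuer, Client ID in aud, not expired."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        return False, "malformed token"
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # the verifier, not the token, decides the algorithm
        return False, "unexpected alg"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        return False, "issuer mismatch"
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]  # aud may be a string or an array (RFC 7519)
    if client_id not in aud:  # a token minted for another API must not be accepted here
        return False, "audience mismatch"
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return False, "expired"
    return True, "accepted"
```

A token that passes all four checks is the only kind the setting above lets through; the `sub` and `email` claims of an accepted token are what the provisioning step then matches against existing users.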
SAML
To see these SAML values for your organization, go to Settings and click Add, or Edit for an existing SAML identity provider configuration. In the dialog that opens, scroll to the bottom. These are the URL patterns:
Service Provider Metadata URL
https://YOUR_ORG_ID.gatana.ai/api/v1/tenant-saml-metadata
SAML Audience/Entity ID
https://YOUR_ORG_ID.gatana.ai
ACS URL
https://YOUR_ORG_ID.gatana.ai/oauth/interaction/saml-callback
Multiple Identity Providers
At the moment you can configure only one OIDC and one SAML provider; Gatana does not currently support more than one of each.