How to Set Up LDAP Group Sync with SAML Authentication

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Applies from release 2021.3

With SAML as the authentication method, it is possible to synchronize groups with Alation using LDAP sync. In this case, Alation uses SAML to authenticate users who log in to Alation and LDAP to sync Groups from the LDAP directory.

Note

Alation Cloud Service customers can request server configuration changes through Alation Support.

In order to use this “hybrid” configuration, perform the following steps:

  1. Set up SAML Authentication on the Alation instance.

  2. Go to Admin Settings > Authentication and fill out the LDAP information.

    Important

    Do not select LDAP as the authentication method. It should be set to SAML.

  3. SSH to the Alation host and enable LDAP Group synchronization from the Alation Django shell:

    # to enter the Alation shell:
    
    sudo /etc/init.d/alation shell
    
    # to enter the Django shell:
    
    alation_django_shell
    
  4. To enable LDAP Group sync:

    # Import the configuration helpers that define enable_ldap_group_sync().
    # If any of these imports fails, stop here: the call below depends on them.
    from scim.configuration import *
    from api_authentication.public.config import *
    from rosemeta.utils.users_and_groups.configuration_utils import *
    from scim.public.config import *
    
    # Turn on LDAP Group synchronization.
    enable_ldap_group_sync()
    
  5. To exit the Django shell: exit

  6. To exit the Alation shell: exit

  7. Create the required LDAP Groups in Alation.

LDAP Groups are auto-synced between Alation and the LDAP directory every 15 minutes by default. When users log in, their accounts are created and automatically placed into the corresponding Groups. The LDAP sync period can be adjusted using alation_conf.