Single Sign On Overview

👤 This documentation is intended for Site Administrators. 

SSO integration is an add-on feature and is configured for each individual site within an account.

Setting Up SSO

⚠️ When performing a large-scale domain, SSO or SCIM change, please turn on Support Access prior to integrating, configuring and testing. It is recommended to coordinate with supportdt@sisense.com so that they can assist.

Instructions are provided for each CDT-supported SSO provider:

Signing In with SSO

Users can sign in via SSO in two ways:

Single & Multi-site Access

Depending on the use case, users may have access to one or more Cloud Data Teams sites. SSO behaves slightly differently between these two scenarios.

Single-site Users

Users may have access to a single site where SSO may or may not be configured. 

When a user attempts to access Cloud Data Teams, the system checks whether the site has SSO configured. If SSO is configured, the user will be forced to log in via SSO.

Multi-site Users

Users may have access to multiple sites, and each site may or may not have SSO configured.

When a user attempts to access Cloud Data Teams, the system checks which sites the user has access to (not just the site they are trying to access at the moment) and determines whether any of those sites have SSO configured.

  • If SSO is configured on any of the sites that the user has access to, the user will be forced to log in via SSO.  
  • If SSO is not configured on any of the sites in the account, the user can log in with email and password.

⚠️ SSO system checks are done on the user, rather than the site. In a rare scenario, a multi-site user who is a member of several sites, none of which have SSO configured, may be able to log in to CDT using email and password, bypassing SSO.

Provisioning Users

Sisense for Cloud Data Teams supports just-in-time user provisioning. New users will be created in Sisense for Cloud Data Teams the first time they log in after being authenticated by the SSO provider. Once the user accesses Sisense for Cloud Data Teams for the first time through the SSO client application, they will appear within the Sisense for Cloud Data Teams system.

Deprovisioning Users

⚠️ Sisense for Cloud Data Teams does not currently support automatic user deprovisioning.

When a user’s access to CDT needs to be removed for any reason, deprovisioning or other:

  1. The SSO Administrator must remove the user via the SSO provider 
  2. The CDT Site Administrator must delete the user from the CDT site or sites they should no longer have access to

If the user is removed via the SSO provider, but not from the CDT site or sites, when attempting to log in, the user will be presented with the login screen and prompted for an email and password. In this scenario, the user will be able to log in to CDT using their email and password, bypassing SSO.
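An audit for the two password-login cases described under Multi-site Users and Deprovisioning Users, as an added example that is not part of the Sisense documentation or product. The site names, addresses and data layout are constructed, and how the site membership lists and the SSO provider's active-user list are exported is assumed.

```python
"""Reconcile CDT site membership against the SSO provider (added example)."""

# Constructed sample data. The layout is an assumption, not a CDT export format.
SITE_SSO = {"analytics": True, "finance": False, "sandbox": False}
SITE_MEMBERS = {
    "analytics": {"ana@example.com", "bo@example.com"},
    "finance": {"bo@example.com", "cy@example.com"},
    "sandbox": {"cy@example.com", "dee@example.com"},
}
# Users still active at the SSO provider; bo@example.com has been removed there.
IDP_ACTIVE = {"ana@example.com", "cy@example.com", "dee@example.com"}


def sites_of(user, site_members):
    """Every site the user is a member of, sorted for stable output."""
    return sorted(site for site, members in site_members.items() if user in members)


def sso_forced(user, site_sso, site_members):
    """The check is per user: SSO on any one of the user's sites forces SSO."""
    return any(site_sso[site] for site in sites_of(user, site_members))


def audit(site_sso, site_members, idp_active):
    """Return (user, finding, sites) for each account that can use a password."""
    findings = []
    for user in sorted(set().union(*site_members.values())):
        sites = sites_of(user, site_members)
        if user not in idp_active:
            # Step 1 of deprovisioning was done, step 2 was not: the account
            # still exists in CDT and falls back to email and password.
            findings.append((user, "removed-from-idp-still-in-cdt", sites))
        elif not sso_forced(user, site_sso, site_members):
            # None of this user's sites has SSO, so SSO is never enforced.
            findings.append((user, "sso-not-enforced", sites))
    return findings


if __name__ == "__main__":
    for user, finding, sites in audit(SITE_SSO, SITE_MEMBERS, IDP_ACTIVE):
        print(f"{finding:32} {user:20} sites={','.join(sites)}")
```

Accounts reported as removed-from-idp-still-in-cdt are the ones a Site Administrator still has to delete from the listed sites.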