Authentication & SSO
Subsalt can integrate with many SSO identity providers and can also self-manage accounts via an internally-hosted Keycloak instance. Organizations are limited to either SSO via an identity provider or Subsalt-managed accounts; if you need to support both then you can create multiple organizations to manage more complex user configurations.
Read more about User management for Subsalt-managed accounts.
Authenticating to query endpoint
All users must use a Subsalt-managed password for connecting to the query endpoint; users can update their passwords themselves in the Profile > Access credentials section of the portal.
Administrators can also reset passwords for other users in the Organization > Accounts section of the portal. Read more about this functionality in the User management section.
Subsalt requires that users in SSO-based organizations create a dedicated password for Running queries; this security precaution ensures that the Subsalt system is never exposed to sensitive credentials that it's not responsible for managing.
Last updated