Generic IdP SAML setup

Starburst Galaxy supports configuring a generic identity provider (IdP) to manage user and group access to Galaxy, as long as the generic provider supports the Security Assertion Markup Language (SAML) protocol standard.

Precise configuration steps cannot be provided for every IdP. All of the SSO configuration data that any IdP can need is shown on the Okta SAML setup page. Follow the steps on this page, substituting the field names, filenames, and terminology appropriate for your generic IdP.

The IdP must be configured to set the user’s email address as the SAML NameID. In Auth0, for example, this can be done by adding the following setting to the configuration:

"nameIdentifierProbes": [
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
]
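
To confirm that a generic IdP really sends the email address as the NameID, you can inspect the `SAMLResponse` form value captured from a test login. The following Python check is an added example, not part of the Starburst Galaxy or Auth0 documentation; the function names and both sample responses are constructed for illustration.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Loose shape check only, not a full address validator.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def check_nameid(saml_response_b64):
    """Inspect the NameID of a base64-encoded SAMLResponse (HTTP-POST binding).

    Diagnostic only: no signature or condition checks are performed, so run it
    on a response captured from your own test login, never as an auth decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None:
        # Missing Subject, or the IdP sends an EncryptedID/EncryptedAssertion.
        return {"value": None, "format": None, "is_email": False}
    value = (node.text or "").strip()
    return {
        "value": value,
        "format": node.get("Format"),
        "is_email": bool(EMAIL_RE.match(value)),
    }


def make_sample(nameid, fmt):
    """Build a constructed, unsigned response for demonstration."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>"
        f'<saml:NameID Format="{fmt}">{nameid}</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


# Constructed samples: one IdP sends the email address, the other an opaque ID.
GOOD = make_sample("alice@example.com", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress")
BAD = make_sample("auth0|0000example", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")

if __name__ == "__main__":
    for label, sample in (("email NameID", GOOD), ("opaque NameID", BAD)):
        print(label, check_nameid(sample))
```

A result with `is_email` set to `False` means the IdP is still sending some other identifier as the NameID and its NameID mapping needs to be changed.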