Single Sign On Overview
Single Sign-On (SSO) is a session and user authentication service that allows users to access multiple applications with one set of login credentials (username and password) - in this case, DataCamp.
DataCamp’s Enterprise SSO integration allows customers to manage their organization's users outside of DataCamp's pre-existing login and account creation flows.
Some of the benefits of SSO include:
- More security - minimizes phishing
- A simpler onboarding and member management process
- Organization members will not need separate login credentials to access DataCamp
In order to set up SSO, you must have an DataCamp Enterprise account and be an Administrator of your organization. Information on upgrading your current subscription can be found HERE.
At this time, DataCamp only supports SAML 2.0 integration. To set up SSO, you must have a SAML Identity Provider (IdP) configured. The IdP is the directory or database that contains the user and organization accounts.
Log into DataCamp and navigate to your Enterprise organization. Once in your organization, click on Settings > SSO > Allow SAML 2.0.
To complete the integration, you must enter the following information into DataCamp. The requested information is unique to your organization and DataCamp would not have access to it prior to the setup.
- Entity ID/Issuer URL: This is provided by the IdP to uniquely identify your organization's domain.
- Login URL/SSO Endpoint: This refers to the URL DataCamp is expected to call in order to request a user login from the IdP.
- IdP Certificate: This is the Authentication certificate issued by your IdP.
DataCamp also provides the following information which you should provide your IdP:
- Entity ID / SAML Audience URL
- Assertion Consumer URL
- Service Provider Metadata XML (Download)
Once you have entered the correct information in both DataCamp and your IdP, the last step is to click Enable SSO. You're all set! SSO has been enabled for your organization.
Looking to set up an integration with one of the following IdPs? Check out our Help Documentation here:
Members can be invited to DataCamp in multiple ways. Once SSO has been enabled for the organization, the standard invite methods will continue to work including invite by email and invite by domain specific Invite Link. Once the member is invited, they will be prompted to create an account with their IdP credentials or bind their existing account by signing in with their IdP credentials.
Depending on the specific IdP configuration, members can also enroll directly from within the IdP by selecting the DataCamp application in the directory.
Note: If a user who does not have a DataCamp account and tries to log in via SSO,
an account will be automatically created for them.
Members can sign into DataCamp directly by using the email associated with their IdP. Upon entering their email, we will check to see if the member belongs to an organization with SSO enabled. If so, we will redirect them to sign in with their IdP credentials. Upon successful completion, we will redirect the member back to DataCamp so they can access the site. Please note, you will need to make sure members you invite are already configured and assigned in your IdP to invite them.
Members can also typically access DataCamp by signing into their IdP directly first and then selecting the DataCamp application within their IdP app directory. This is dependent on the configuration of your specific IdP.
Note: Just-In-Time (JIT) provisioning is always enabled.
What happens if I enable SSO with members already in my organization on DataCamp?
Once SSO is enabled, your existing members will receive an email prompting them to login with their IdP credentials. Once complete, your members will always need to log in with their IdP credentials while they are a member of an organization with SSO enabled.
What happens if an account created via SSO ends up exceeding the number of licenses that my Organization has paid for?
The member will be added, the license count will automatically increase, and a prorated charge will be applied to the payment option on file. If no payment method is on file, an invoice with the amount will be automatically generated.
Is SSO supported on mobile?
Yes, SSO is supported on the mobile app.
What happens if a member is removed from my organization on DataCamp?
If a member in your organization is removed as a Member in DataCamp, they will receive an email prompting them to create new login information. They will also be prompted to confirm their email address and create a new password. They will no longer have access to your organization or premium content as part of your subscription.
What happens if a member is removed from my IdP?
If you remove a member from your IdP and deactivate their IdP login credentials, they will no longer be able to log into DataCamp. Please note, the member will not automatically be removed from the DataCamp organization’s Members list. Please contact our support team to remove a member from your organization.
What happens if I disable SSO?
If you decide to disable SSO, the existing members in your organization will receive an email prompting them to create new log in details including confirming their email and creating a new password.