Last Updated: October 20, 2018

Connecting TigerGraph Cloud to external identity providers using SAML 2.0.

SSO & IDP Integration

By default, TigerGraph Cloud manages users within its own portal. For enterprise environments, you can integrate with your preferred Identity Provider (IDP) to centralize user management and enable Single Sign-On (SSO).

1. Supported Protocol

TigerGraph Cloud supports SAML 2.0 for integration with major providers such as:

  • Okta
  • Azure AD (Entra ID)
  • Google Workspace
  • Ping Identity

2. Integration Levels

  • Organization-Wide: SSO is configured at the organization level. One IDP handles authentication for all clusters within that organization.
  • One IDP per Org: You can connect only a single IDP to each TigerGraph Cloud organization.

3. The SSO Workflow

  1. App Integration: Create an "Application" in your IDP using metadata provided by TigerGraph.
  2. Login: Users log in to the TigerGraph Cloud portal using their corporate credentials.
  3. Role Assignment: Once a user logs in via SSO for the first time, an Organization Admin must assign them roles (e.g., Org Admin, Developer) within the TigerGraph portal.

4. Setting it Up

Currently, IDP integration is a white-glove service.

  1. Prepare your IDP metadata.
  2. Contact support@tigergraph.com.
  3. A TigerGraph engineer will guide you through the secure handshake and activation process.

Note: Database-level users (used for programmatic API access) are still managed separately within each cluster's Access Management tab. SSO primarily covers portal and UI access.