SSO IntegrationsApplicationsSetup Guides

Metabase (SAML)

This guide details the steps required to configure Descope to work with Metabase as a federated identity provider, using SAML.

You can refer to the Metabase SAML documentation for more information on how this works and how to configure the Metabase side: Metabase SAML Authentication.

Note

Keep in mind that only the Pro and Enterprise tiers of Metabase work with SAML authentication.

Table of Contents

  1. Descope Configuration
  2. Metabase Configuration

These steps will be taken in parallel, so it's a good idea to have the Descope Console and your Metabase Settings Dashboard both open before you begin.

Descope Configuration

  1. Create a New SAML Application: In your Descope console, go to the Applications section in the Descope Console and add a new SAML application.

App new Application in Descope

  1. Configure Descope's SAML Settings in Metabase: Copy the Entity ID and XML URL from Descope and paste them into the respective fields in Metabase's SSO Configuration.

SAML IdP settings to copy over to Metabase

You can skip to the Metabase Configuration section to get instructions on where to put these in Metabase. Once you've completed the Metabase Configuration steps, return here to complete the setup process.

  1. Enter Metabase's Metadata: You'll need to select Enter the connection details manually, and from there input the ACS URL, Entity ID and Certificate that you retrieved from Metabase in Step 3 under Metabase Configuration below.

  2. SSO Mapping: This is found in the settings for your new SAML application. You'll need to map at least email to each of your Descope Users. It's also a good idea to map first and last name as well, along with SAML groups that are already configured in Metabase. You can do so by configuring the SSO mapping like this:

Descope FieldSAML Claim
Emailhttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Given Namehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Family Namehttp://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Descope Roleshttp://schemas.xmlsoap.org/claims/Group

Here is an example of what this looks like:

SSO Mapping in Descope

Metabase Configuration

  1. Set up SAML in Metabase: Navigate to the Admin Panel in Metabase, then to the Authentication tab. Select 'SAML' and enable it.
  2. Configure SAML Settings: Fill in the necessary details such as SAML Identity Provider URL, Entity ID, etc., as required by Metabase.
  3. Copy Over IdP Configuration Settings: You'll need to gather the URL the IdP should redirect to, as well as the Entity ID and Certificate from Metabase for use in the Descope Console. For more information, visit the Metabase docs page.

Configuring SAML in Metabase

Now return to the Descope Console and put in the necessary information under SP Configuration. These steps are detailed above, under Step 3 of the Descope Configuration section.

Was this helpful?

Previous

SAML

Next

Ping Identity (OIDC)

On this page

Metabase (SAML)Table of ContentsDescope ConfigurationMetabase Configuration