LogoLogo
Python SDKSlack
  • Documentation
  • Cookbooks
  • Self-Hosting
  • Release Notes
  • Reference
  • Architecture
  • Self-Hosting
    • On-Premise Overview
    • On-Premise Installation
      • Installation on GCP
      • Installation on AWS
      • Installation on Azure
      • Installation on OpenShift
      • Configuring Ingress Endpoints
      • Configuring SAML
  • On-Premise Integrations
  • On-Premise SDK Usage
Powered by GitBook

Support

  • Chat Us On Slack
  • support@arize.com

Get Started

  • Signup For Free
  • Book A Demo

Copyright © 2025 Arize AI, Inc

On this page

Was this helpful?

  1. Self-Hosting
  2. On-Premise Installation

Configuring SAML

Last updated 21 days ago

Was this helpful?

To enable SAML integration, additional steps are required. First, configure the Identity Provider with the following information. Visitfor more details.

IDP Parameter
Example

SSO URL / ACS (Assertion Consumer Service)

https://arize-app.<my-organization>.com/auth/v2/saml

Audience URI / EntityID

https://arize-app.<my-organization>.com

UserName / NameID Format

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Once the IDP provider is configured, add or update the baseOverlay section in values.yaml with the IDP example below and modify the content according to the environment.

  • The emailDomain is from the email addresses that will be used to login. For example joe@example.com.

  • The accountID, accountOrganizationID, and spaceID fields should always be set to 1 for on-prem deployments.

  • The sync option enables the synchronization of RBAC roles with the IDP provider each time a user logs in.

  • The role_mappings section is optional and should be customized based on the desired RBAC roles.

  • The metadata comes from the IDP provider. There are 2 ways to supply the metadata:

    • Using the metadataURL if a URL is available and reachable from the cluster.

    • By supplying the full XML metadata using a block scalar, as such: metadata: |.

values.yaml:

baseOverlay: |-
  ---
  apiVersion: v1
  data:
    idps.yaml: |
      # Custom IDP Information
      - name: MyIDP
        emailDomain: "example.com"
        authInfo:
          accountID: 1
          accountOrganizationID: 1
          spaceID: 1
          sync: true
        role_mappings:
          - attributes:
              "group": "my-admins"
            is_account_admin: true
          - attributes:
              "group": "my-users"
            org_role:
              org_id: 1
              role_id: 2
            space_roles:
              1: 3
        metadataURL: https://your.metadata.com/
  kind: ConfigMap
  metadata:
    name: idps
    namespace: arize
  ---

Alternatively, the user can embed the XML as follows:

        metadata: |
          <md:EntityDescriptor....
          ...
          </md:EntityDescriptor>

Arize SSO & RBAC Configuration