Configure OAuth authentication for your Sigma organization
This document guides you through configuring Sigma to authenticate your organization member accounts through OAuth single sign-on (SSO).
Prerequisite
- You must have already configured a Sigma OAuth application in your IdP. If you have not yet completed this prerequisite step, see Configure a Sigma OAuth application.
Requirements
- You must be assigned the Admin account type to manage authentication for your Sigma organization.
Configure OAuth as an authentication method for your Sigma organization
In Sigma, configure your organization to use OAuth as an authentication method.
This configuration requires the values for three fields you obtained when configuring your Sigma OAuth application in your IdP.
- Client ID and Client Secret:
  - If you are using an external IdP, you obtained these values here: Step 1: Create an app for Sigma in your IdP.
  - If you are using Databricks as your IdP, you obtained these values here: Configure a custom OAuth application for Sigma in Databricks Authorization Server.
- Metadata URI:
  - If you are using an external IdP, you obtained this value here: Step 3: Create an authorization server.
  - If you are using Databricks as your IdP, you obtained this value here: Determine your metadata URI for your Databricks Authorization Server.
When transitioning authentication methods, it is recommended to keep a password-based authentication option enabled. This ensures you are not locked out of your Sigma organization if configuration issues arise.
To configure an OAuth authentication method:
- Go to Administration > Authentication.
- Add OAuth as an authentication method:
  - For organizations with multiple identity providers (IdPs) enabled: In the Authentication Methods section, select + Add authentication method.
  - For organizations without multiple IdPs enabled: In Authentication Method and Options, locate the Authentication Method setting and select Edit.
- Configure your OAuth authentication method:
  - In the Metadata URI field, enter the OAuth metadata URI.
  - In the Client ID field, enter the client ID from your OAuth application.
  - In the Client Secret field, enter the client secret from your OAuth application.
    After you enter and save this value, Sigma does not display it.
  - [For organizations with multiple IdPs enabled] Enter a Name for your OAuth authentication method. This name is displayed to all users when they sign in to Sigma.
- [optional] Configure additional authentication options. For organizations with multiple IdPs enabled, this is under Authentication Options, and for organizations without multiple IdPs enabled, this is under Authentication Method:
  - [optional] To enable guest user accounts, turn on the toggle for Allow Guest Access. See Guest User Accounts.
  - [optional] To customize how frequently users are prompted to re-authenticate, set a Session Length in Hours. This setting only applies to users logging in with SAML or a password.
  - [optional] To ensure users are automatically logged out after a certain length of inactivity in the product, turn on the toggle for Enforce Inactivity Timeouts. See Set up inactivity timeouts.
- Test your OAuth configuration by logging out and logging back in to Sigma. Your organization's sign-in page should now display your new authentication method, either with a Log in with SSO prompt or the Name you set for your authentication method.
- If you set an additional password-based authentication option and want to remove it after testing that users are able to log in using OAuth:
  - For organizations with multiple IdPs enabled: Select Delete next to your Password authentication option, then select Delete again.
  - For organizations without multiple IdPs enabled: You can update your selection in the Authentication Method dropdown to choose the OAuth option, which enforces OAuth login for all users.
If your organization has multiple IdPs enabled, and you want to set up multiple OAuth authentication methods, you will need to repeat this process for each OAuth authentication method.
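Before you enter a value in the Metadata URI field, you can sanity-check the document that URI serves. The following is an added example, not Sigma's code: it assumes the metadata URI serves an OpenID Connect Discovery or RFC 8414 metadata document, and `check_metadata`, `expected_issuer`, and the `idp.example.com` sample are hypothetical names and constructed data.

```python
import json
from urllib.parse import urlparse

# Well-known path markers from OpenID Connect Discovery and RFC 8414.
WELL_KNOWN = ("/.well-known/openid-configuration",
              "/.well-known/oauth-authorization-server")
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint")


def expected_issuer(metadata_uri):
    """Derive the issuer a metadata URI should describe, or None."""
    for marker in WELL_KNOWN:
        prefix, found, tail = metadata_uri.partition(marker)
        if found:
            # Covers both layouts: marker appended to the issuer, or
            # inserted between the host and the issuer path (RFC 8414).
            return (prefix + tail).rstrip("/")
    return None


def check_metadata(metadata_uri, document):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if urlparse(metadata_uri).scheme != "https":
        problems.append("metadata URI is not https")
    try:
        meta = json.loads(document)
    except ValueError:
        meta = None
    if not isinstance(meta, dict):
        return problems + ["document is not a JSON object"]
    problems += [f"missing {k}" for k in REQUIRED if not meta.get(k)]
    # A mismatched issuer means the document describes a different server.
    want = expected_issuer(metadata_uri)
    if want is None:
        problems.append("metadata URI has no well-known path")
    elif str(meta.get("issuer", "")).rstrip("/") != want:
        problems.append("issuer does not match metadata URI")
    problems += [f"{k} is not https" for k, v in meta.items()
                 if k.endswith(("_endpoint", "_uri")) and isinstance(v, str)
                 and urlparse(v).scheme != "https"]
    return problems


# Constructed sample for a hypothetical IdP; not a real tenant.
BASE = "https://idp.example.com/oauth2/default"
SAMPLE_URI = BASE + "/.well-known/oauth-authorization-server"
SAMPLE_DOC = json.dumps({"issuer": BASE, "jwks_uri": BASE + "/v1/keys",
                         "authorization_endpoint": BASE + "/v1/authorize",
                         "token_endpoint": BASE + "/v1/token"})
```

To check a real configuration, pass your metadata URI and the response body you retrieved from it to `check_metadata`; an empty list means none of these checks failed.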