Configure OAuth authentication for your Sigma organization

This document guides you through configuring Sigma to authenticate your organization member accounts through OAuth single sign-on (SSO).

Prerequisite

• You must have already configured a Sigma OAuth application in your IdP. If you have not yet completed this prerequisite step, see Configure a Sigma OAuth application.

Requirements

• You must be assigned the Admin account type to manage authentication for your Sigma organization.

Configure OAuth as the authentication method for your Sigma organization

In Sigma, configure your organization to use OAuth as the authentication method.

This configuration requires the values for three fields you obtained when configuring your Sigma OAuth application in your IdP.

• Client ID and Client Secret:
  • If you are using an external IdP, you obtained these values here: Step 1: Create an app for Sigma in your IdP.
  • If you are using Databricks as your IdP, you obtained these values here: Configure a custom OAuth application for Sigma in Databricks Authorization Server.
• Metadata URI:
  • If you are using an external IdP, you obtained this value here: Step 3: Create an authorization server.
  • If you are using Databricks as your IdP, you obtained this value here: Determine your metadata URI for your Databricks Authorization Server.

1. Go to Administration > Authentication.
2. In the Authentication Method and Options section, locate the Authentication Method setting and click Edit.
3. In the Authentication Method & Options page, configure OAuth authentication:
   1. In the Authentication Method dropdown, select the OAuth or OAuth or password option.
   2. To enable guest users to access permitted content, turn on the Allow Guest Access switch. Guest users must have user accounts in your data platform and be added as OAuth users in your IdP in order to access Sigma.
   3. In the Metadata URI field, enter the OAuth metadata URI.
   4. In the Client ID field, enter the client ID from your OAuth application.
   5. In the Client Secret field, enter the client secret from your OAuth application.
      After you enter and save this value, Sigma does not display it.
   6. Click Save to apply the changes.
4. Test your OAuth configuration by logging out and logging back into Sigma. Your organization’s login page should now display a "Log in with SSO" prompt.