Authentication methods for your Sigma organization

Sigma supports multiple authentication methods, each with different benefits and limitations. When selecting authentication methods for your Sigma organization, there are two main decisions to make:

  1. How will users in your organization sign in to Sigma?
  2. How will you connect to the data in your warehouse?

This document focuses on the available methods for signing in to your organization and the considerations for each. For information on the available methods of authenticating to your data platform, see the documentation for your chosen platform under Connect to data sources.

You can change your organization’s authentication method at any time. However, migrating between options can take significant testing and time, so Sigma recommends choosing the method that best suits your needs from the beginning.

Overview of authentication methods for your organization

Sigma supports password, SAML (Security Assertion Markup Language), and OAuth (Open Authorization) authentication methods for signing in to your organization:

  • Password authentication: Each user signs in using their email address and password. Two-factor authentication via email is automatically enabled for greater security.

  • SAML: SAML is an XML-based protocol used for single sign-on (SSO). SAML SSO lets you securely log in to multiple apps with one ID. Your identity provider (IdP), such as Okta or Entra, verifies your identity with a digital certificate so that you can sign in through the IdP. Sigma supports SAML 2.0.

  • OAuth: When used for SSO purposes, OAuth is combined with OIDC (OpenID Connect). OAuth is a token-based protocol that uses an authorization server (such as your IdP) to create short-lived tokens that enable access without needing your password. Sigma supports OAuth 2.0.

While not a method of authenticating to your organization, SCIM (System for Cross-Domain Identity Management) is also supported in Sigma. Whether your organization wants to use SCIM may influence your authentication method choices.

SCIM is a method of managing user identities at scale. It allows an identity provider (like Okta) to automatically push user and group updates to all connected apps (like Sigma), so you do not have to update user and group information manually.

Considerations for choosing an authentication method for your organization

When you choose an authentication method, consider the authentication requirements of your organization and other existing software configurations.

Password

Password authentication is not recommended for larger organizations due to, among other things, scalability challenges with managing and rotating passwords. Two-factor authentication is required and supported via email or an authenticator app.

See Manage password authentication for steps on how to configure password authentication for signing in to your Sigma organization.

SAML

SAML allows single sign-on for your organization and can be used to set certain user settings, such as account type and team membership. You can also use SAML in combination with SCIM to manage users and teams, and SAML and SCIM can be managed from a single app.

See Set up single sign-on with SAML for steps on how to configure SAML SSO.

OAuth

OAuth allows SSO for your organization and can be easier to implement than SAML. However, you cannot use OAuth to provision users or to assign user settings such as account type and team membership. To manage users and teams with OAuth, you must use SCIM and manage the configurations with separate apps. If you use the same IdP for your data warehouse, you can use OAuth to sign in to Sigma and connect to your data warehouse.

See Configure OAuth authentication for your Sigma organization for steps.