Using multiple identity providers for your Sigma organization

Sigma supports using multiple identity providers (IdPs) to sign into your Sigma organization, providing greater flexibility for organizations. For example, multiple IdPs can support scenarios where different departments in a company use different IdPs, or where contract and full-time employees use different IdPs.

This document covers some key considerations for enabling multiple IdPs and the process to enable multiple IdPs in your Sigma organization.

System and user requirements

  • You must be assigned the Admin account type to enable multiple IdPs for your organization.
  • If your organization uses SAML SSO in Sigma, you must enable unique SAML entity IDs.

Considerations when using multiple IdPs

  • For organizations with existing organization-level OAuth configurations:

    • If you enable multiple IdPs for your organization, you can no longer use existing organization-level OAuth configurations to sign in to connections. Connections must use connection-level OAuth instead. When enabling multiple IdPs, connections that reuse your organization-level OAuth configuration are automatically migrated to use connection-level OAuth. The same OAuth application details are used. You can edit these details again later.

    • For more information on connection-level OAuth, see Use different OAuth configurations for authenticating users to your connections than you use for your Sigma organization.

  • When transitioning authentication methods, it is recommended to keep a password-based authentication option enabled. This ensures you aren’t locked out of your Sigma organization if configuration issues arise.

  • If your organization uses SCIM to manage and provision users, make sure that each user is provisioned by only one IdP. If a user is provisioned by more than one IdP, access conflicts are likely to occur.
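
One way to check the SCIM consideration above before enabling multiple IdPs, as an added example that is not part of Sigma's documentation or tooling: compare the user lists each IdP is set to provision and flag any identity that appears in more than one. The IdP names and users are constructed sample data in SCIM 2.0 User format (RFC 7643), and matching on case-insensitive `userName` and email values is an assumption about what counts as the same user.

```python
from collections import defaultdict

# Constructed sample data: SCIM 2.0 User resources as they might be exported
# from two IdPs. IdP names and users are made up for illustration.
IDP_EXPORTS = {
    "idp-employees": [
        {"userName": "ana@example.com",
         "emails": [{"value": "ana@example.com", "primary": True}]},
        {"userName": "bo@example.com",
         "emails": [{"value": "bo@example.com", "primary": True}]},
    ],
    "idp-contractors": [
        # Same person as above, differing only in letter case.
        {"userName": "Bo@Example.com",
         "emails": [{"value": "bo@example.com", "primary": True}]},
        {"userName": "cy@contractor.example",
         "emails": [{"value": "cy@contractor.example", "primary": True}]},
    ],
}


def identifiers(user):
    """Return the lowercased userName and email values of one SCIM user."""
    ids = {user.get("userName", "").strip().lower()}
    ids.update(e.get("value", "").strip().lower() for e in user.get("emails", []))
    ids.discard("")  # ignore missing or empty attributes
    return ids


def find_overlaps(exports):
    """Map each identifier found in more than one IdP to the sorted IdP names."""
    seen = defaultdict(set)
    for idp, users in exports.items():
        for user in users:
            for ident in identifiers(user):
                seen[ident].add(idp)
    return {ident: sorted(idps) for ident, idps in seen.items() if len(idps) > 1}


if __name__ == "__main__":
    for ident, idps in sorted(find_overlaps(IDP_EXPORTS).items()):
        print(f"CONFLICT: {ident} is provisioned by {', '.join(idps)}")
```

Any identifier this reports should be assigned to a single IdP's provisioning scope before both IdPs are connected.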

Enable multiple identity providers for your Sigma organization

When you enable multiple IdPs, each existing authentication method your organization has configured appears separately in the Administration portal and can be managed independently. For example, organizations with SAML and password enabled see both SAML and Password listed as separate, editable authentication methods.

If your organization uses organization-level OAuth to sign in to connections, enabling multiple IdPs automatically migrates those connections to use connection-level OAuth instead. The same OAuth application details that your organization is currently using are reused at the connection level. You can edit these details again later. For more information on editing connection-level OAuth configurations, see:

To enable multiple IdPs for your Sigma organization:

  1. Go to Administration > Authentication.
  2. Under the listed authentication methods, select + Use multiple identity providers.
  3. In the modal that appears, select Proceed.

After successfully enabling multiple IdPs, each authentication method your organization has configured appears separately on the page. Any connections previously using organization-level OAuth now use connection-level OAuth.

If you want to add a new authentication method, see Manage authentication method and options.