SAML and OIDC SSO Setup

Palette supports Single Sign-On (SSO) with a variety of Identity Providers (IDP). You can enable SSO in Palette by using the following protocols for authentication and authorization.

• Security Assertion Markup Language (SAML) - SAML is a standalone protocol that requires a centralized identity provider (IDP) to manage user identities and credentials. SAML supports SSO and is commonly used for enterprise applications.

• OpenID Connect (OIDC) - OIDC more modern protocol designed for web and mobile applications. OIDC is built on top of OAuth 2.0, a widely used authorization framework. OIDC supports distributed identity providers and supports social login providers such as Google or GitHub.

Limitations

Palette API keys that belong to Palette users removed from the organization through OIDC/SAML are not automatically removed. We recommend that you remove these keys to ensure that they are no longer used. You can programmatically remove the API keys using the REST API or the Palette SDK. Check out the Delete API Key page for more information on how to delete an API key programmatically.

tip

Tenant administrators can view all API keys created for the tenant. Users are limited to actions for their own API keys. To learn more about the API key management tasks you can perform as a tenant administrator, refer to the Tenant API Key Management page.

Check out the following resources to enable SSO in Palette with the supported Identity Providers (IDP).

Resources

• Enable SSO with Microsoft Active Directory Federation Service (AD FS)

• Palette SSO with Okta OIDC

• Palette SSO with Okta SAML

• Palette SSO with OneLogin

• Palette SSO with Keycloak

• Palette SSO with Microsoft Entra ID