Configuring SAML for Looker
REQUIRED ACCOUNT/PERMISSION LEVEL
Bitium: All account levels; must be an Admin to set up
Go to “Manage Apps.”
Select “Looker” from the list of installed apps.
Select the “Single Sign-On” tab.
From the dropdown, select “SAML Authentication.”
Copy the Entity ID from Bitium. Paste this into the IdP Issuer field in Looker.
Copy the Login URL from Bitium. Paste this into the IdP URL field in Looker.
Copy the X.509 Certificate from Bitium. Paste this into the IdP Certificate field in Looker.
Confirm that the User Attribute Settings are set to “Email”, “FirstName”, and “LastName”.
In the next section, you can enable Groups and Role mapping. This is optional. If you wish to do so, turn “Set Roles from Groups” on.
In the Groups Attribute field, type “Groups”. (This is case-sensitive.)
If you wish to prevent users without roles from authenticating into your Looker instance, enable the “Auth Requires Role” option. If this is turned on, users will not be able to authenticate into Looker unless they have a Role assigned to them. If this is off, users without roles will be able to log in, but will not be able to see any data or take actions in Looker.
You can set up your Group to Role pairings by adding your Bitium groups and the roles they should be assigned in Looker. If a group exists in Bitium but not in this table, it will simply be ignored by Looker.
Click the Test User Authentication button in Looker.
If the following screen shows success, click Update Changes in Looker.
Click Save Changes in Bitium.
Notes: Looker supports JIT provisioning.
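
The group and role behavior described in the steps above (case-sensitive “Groups” attribute, unmapped groups ignored, “Auth Requires Role”), modeled as an added Python example; it is not Looker's or Bitium's code. The sample attribute statement, group names and role names are constructed, and the sketch reads attributes only, without verifying the SAML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("Email", "FirstName", "LastName")  # User Attribute Settings from the page
GROUPS_ATTR = "Groups"                          # case-sensitive, per the page

# Constructed sample: an AttributeStatement from a decoded assertion.
# The user, groups and role names are made up for illustration.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="Email"><saml:AttributeValue>ana@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="FirstName"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="LastName"><saml:AttributeValue>Diaz</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="Groups">
    <saml:AttributeValue>Analysts</saml:AttributeValue>
    <saml:AttributeValue>Contractors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

def parse_attributes(xml_text):
    """Return {attribute name: [values]} from an AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def evaluate_login(xml_text, group_to_roles, auth_requires_role):
    """Model the outcome the page describes for one login attempt."""
    attrs = parse_attributes(xml_text)
    # Report user attributes that are absent or empty.
    missing = [name for name in REQUIRED if not attrs.get(name)]
    # Exact-case lookup: an attribute named "groups" is not "Groups".
    groups = attrs.get(GROUPS_ATTR, [])
    # Groups with no row in the mapping table are ignored.
    ignored = [g for g in groups if g not in group_to_roles]
    roles = sorted({r for g in groups for r in group_to_roles.get(g, [])})
    # With "Auth Requires Role" on, a user with no resolved role is refused.
    allowed = bool(roles) or not auth_requires_role
    return {"allowed": allowed, "roles": roles,
            "missing": missing, "ignored_groups": ignored}
```

Running it against an attribute statement whose group attribute is named “groups” shows the failure mode: no roles resolve, and with “Auth Requires Role” on the login is refused.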