Configuring SAML for Looker

REQUIRED ACCOUNT/PERMISSION LEVEL

Bitium: All account levels; must be an Admin to set up

Looker: Admin

In Looker:

  1. Go to Admin > Authentication> SAML.

    Navigate to the SAML set up in Looker

  2. Click the Enabled radio button.

In Bitium:

  1. Go to “Manage Apps.”

  2. Select “Looker” from the list of installed apps.

  3. Select the “Single Sign-On” tab.

  4. From the dropdown, select “SAML Authentication.”

    Copy the values from Bitium into Looker

  5. Copy the Entity ID from Bitium. Paste this into the IdP Issuer field in Looker.

  6. Copy the Login URL from Bitium. Paste this into the IdP URL field in Looker.

  7. Copy the X.509 Certificate from Bitium. Paste this into the IdP Certificate field in Looker.

    Confirm attribute values are correct

  8. Confirm that the User Attribute Settings are set to “Email”, “FirstName”, and “LastName”.

    Set up your groups and roles from Bitium, if desired

  9. In the next section, you can enable Groups and Role mapping. This is optional. If you wish to do so, turn “Set Roles from Groups” to on.

  10. In the Groups Attribute field, type “Groups”. (This is case sensitive).

  11. If you wish to forbid users without roles to authenticate into your Looker instance, enable the “Auth Requires Role” option. If this is turned on, users will not be able to authenticate into Looker unless they have a Role assigned to them. If this is off, users without roles will be able to login, but will not be able to see any data or take actions in Looker.

  12. You can set up your Group to Role pairings by adding your Bitium groups and the roles they should be assigned in Looker. If a group exists in Bitium but not this table, it will simply be ignored by Looker.

    Test the configuration

  13. Click the Test User Authentication button in Looker.

    If the test results are successful, save in Looker

  14. If the following screen shows success, click Update Changes in Looker.

  15. Click Save Changes in Bitium.

Notes: Looker supports JIT provisioning.