Pass-through authentication
Team Edition lets you sign in once with a federated identity provider and access cloud databases and storage without entering additional credentials.
How it works¶
When a user logs into Team Edition with a federated identity provider, the authentication token from that session is reused to access cloud resources. The user does not need to authenticate again when working with cloud databases or cloud storage.
Example
A user who logs in with their Google account can immediately open Cloud Explorer to see and connect to their GCP databases, and open Cloud Storage to access Google Cloud Storage buckets - all without entering any additional credentials.
Supported providers¶
| Identity provider | Cloud services available |
|---|---|
| Google (OpenID) | GCP databases (Cloud Explorer), Google Cloud Storage (Cloud Storage) |
| AWS Identity Providers | AWS databases (Cloud Explorer), Amazon S3 (Cloud Storage) |
| Microsoft Entra ID | Azure databases (Cloud Explorer) |
Configuration¶
Note
Before configuring Team Edition, make sure the identity provider is already set up on the provider's side.
- As an administrator, set up an Identity Provider for your cloud provider - see Supported providers.
- Log in using the Federated method and select the configured provider.
-
After login, you can:
- open Cloud Explorer to browse and connect to cloud databases
- open Cloud Storage to access cloud storage
User management¶
A user with access in the corresponding identity provider logs in using their email address. After the first successful login, Team Edition automatically creates a user profile, which appears in Settings -> Administration -> Users, assigned to the default team.
Pre-configuring users¶
An administrator can create a user in advance and assign permissions, team membership, AWS Role ARN, or Microsoft Entra ID User ID.
Info
For more details, see Users.
Teams¶
An administrator can organize users into teams to control access to connections and permissions. Teams can also be auto-assigned based on group information from the identity provider at login - no manual assignment needed.
Info
For more details, see Teams.