An account administrator or PowerUser must onboard users
by setting up identity federation with Cloudera.
If your organization uses an enterprise identity provider (IdP) that is
compliant with Security Assertion Markup Language (SAML), you must set up identity federation
with Cloudera. Identity federation allows users within your organization to log in to Cloudera through the
authentication system in your organization without registering with Cloudera or creating a
Cloudera account.
The following diagram illustrates how identity federation works with Cloudera:
SAML IdP SSO flow
CDP supports the following:
CDP supports the SAML 2.0 standard. You can set up any identity provider for Cloudera that uses
SAML 2.0.
Setting up an identity provider for Cloudera involves the following steps:
The IdP administrator in your organization generates the SAML metadata that describes your
enterprise IdP.
The CDP administrator sets up the identity provider in Cloudera.
The IdP administrator configures the enterprise IdP in your organization to work with Cloudera as
a service provider.
