Setting up the identity provider in CDP

In CDP, you must create an identity provider to capture the SAML metadata and connection information for your enterprise IdP. To create an identity provider in CDP, you must be a CDP account administrator or have the PowerUser role.

To create the CDP identity provider:

  1. Sign in to the CDP console.
  2. From the CDP home page, click Management Console.
  3. In the User Management section of the side navigation panel, click Identity Providers.
  4. Click Create Identity Provider.
  5. On the Create Identity Provider window, enter the name you want to use for the CDP identity provider.
  6. Select whether to synchronize the user group membership in CDP with the user group membership in your enterprise IdP.
  7. To synchronize the groups, select the Sync Groups on Login option.

    For more information about user group synchronization, see Group Membership Synchronization.

  8. In Provider Metadata, select File Upload to upload a file that contains the identity provider SAML metadata or select Direct Input to enter the identity provider SAML metadata directly.
  9. Click Create.

CDP adds the new identity provider to the list of CDP identity providers on the Identity Providers page.

When CDP creates the identity provider, it generates the SSO URL that you need to set up CDP as a service provider in your enterprise IdP. After you create the identity provider in CDP, you can view its properties to get the information you need to configure your enterprise IdP to work with CDP.

On the Identity Providers page, click the name of the new CDP identity provider to see its properties:

| Property | Description |
| --- | --- |
| Name | Name of the CDP identity provider. |
| ID | ID generated for the CDP identity provider. |
| Sync Groups on Login | Indicates whether CDP synchronizes a user's group membership in CDP with the user's group membership in your enterprise IdP when a user logs in. For more information about user group synchronization, see Group Membership Synchronization. |
| Single Sign-on URL | The SSO URL for CDP that your enterprise IdP must use to enable users to connect to CDP. For example: `https://consoleauth.cdp.cloudera.com/saml?samlProviderId=c983af87...c949580` The value for the samlProviderId parameter is the ID for the CDP identity provider generated by CDP. |
| CRN | The Cloudera resource name assigned to the CDP identity provider. |
| Provider Metadata | The identity provider SAML metadata for your enterprise IdP that you provided when you created the CDP identity provider. |