SSO groups #

The built-in user and role management system in Starburst Galaxy does not have a built-in concept of user groups. Therefore, a Starburst Galaxy account configured to use only the built-in system shows an empty pane when you invoke Access > Groups.

The use of groups is a SCIM concept. If your Galaxy account is configured to authorize logins with a single sign-on identity provider (IdP), and that service supports SCIM, then Galaxy inherits any group names authorized in that IdP to access Galaxy.

When Starburst Galaxy is configured to work with SCIM, the IdP pushes updates of user and group membership information to Starburst Galaxy.

With SCIM configured, the Groups pane is populated with at least one test group, with more added as the IdP begins to push group and user information to Galaxy.

Use your SSO’s admin portal to assign user membership in groups. Use Galaxy’s Groups pane to assign roles to groups.

If your IdP is Okta, see Okta group considerations to understand Okta’s special handling of group names.