DNAnexus supports single sign-on and account federation using the SAML 2.0 protocol.
DNAnexus supports Single Sign-on functionality using the SAML 2.0 protocol. Using identity management services like PingIdentity PingOne, Okta, and OneLogin, DNAnexus users within your organization can use their Active Directory or LDAP-based accounts to log in to DNAnexus.
In SAML terminology, DNAnexus is a Service Provider, and its metadata is available at https://auth.dnanexus.com/saml2. To use an SSO integration with DNAnexus, first email email@example.com to register your Identity Provider metadata with us.
Email DNAnexus support with information about your organization and the SSO integration provider that you use. If you have SAML IdP (Identity Provider) metadata XML for your system, please include it.
DNAnexus supports SSO just-in-time provisioning of accounts authorized by the identity provider. When the user logs in via their identity management SSO portal, DNAnexus automatically creates a new account if necessary, and links it to the identity sent by the identity provider.
To log in, users should first access their identity management SSO portal and select the DNAnexus application. They will then be automatically redirected into the DNAnexus platform.
This process (known as SP-initiated SSO) is not yet supported. Users will see an error message prompting them to instead log in through their identity management SSO portal.
Yes. SSO users cannot change their email address or password, or enable 2-Factor Authentication on the DNAnexus website. Users should use the identity management service to configure these options instead.
Please use the administrative management console for your identity management service to manage your organization's SSO users.
No, single logout is not yet supported. Please email us if you need this feature.
Yes. To log in, users should first access their identity management SSO portal and select the DNAnexus application. They will then be automatically redirected into the DNAnexus platform.
No, SP-initiated login is not yet supported. Please email us if you need this feature.
No, this process is currently manual. Please email us if you need to add a user to a DNAnexus organization.
When trying to log in with
dx login, SSO users receive this message:
dx: Login error: SSORequiredError: The user is registered via single sign-on and may only log in through the identity provider, code 403
To use the command line with an SSO-enabled account, first create an API token on the DNAnexus Platform website. Click on the user name and navigate to the Profile, then click API Tokens and create a new token. Then specify the token on the command line using
dx login --token TOKEN.