User management with SSO

See also: SSO (Single Sign-On), Users

This guide explains how to manage user accounts on Lobster Data Platform when SSO is in use. It covers the supported options and the current limitations.

User management options

The platform supports two ways to provide users with SSO access:

| Option | Best for | Effort |
| --- | --- | --- |
| Manual user mapping. | Existing LDP users who get SSO added. | Per user, in the LDP UI. |
| Self-registration via e-mail invitation. | New external users who do not yet have an LDP account. | Per invitation, sent from LDP. |

Limitations

NOTE This reflects the state as of release 26.2.

Automatic user provisioning is not supported. The following standards are not available:

  • SCIM is not implemented.

  • JIT (just-in-time) provisioning is not implemented.

  • SAML SSO is not natively supported. SSO is currently OAuth2/OpenID Connect only.

  • Active Directory/LDAP sync is not available.

Each user account must be created and mapped manually. Alternatively, you can use the self-registration template.

NOTE Plan for the manual effort

Plan for the manual effort when you roll out SSO to a large user base. Automated provisioning is not an option today.

Option 1: Manual user mapping

Use this option when users already have an LDP account. It also fits when you create users one by one in the LDP UI.

The process:

  1. Create or open the user record in Users.

  2. Go to "External user login infos".

  3. Add an entry with the Provider alias and User term that match the user's SSO identity.

For a worked example with Azure, see Configuring Azure SSO: step-by-step example (Step 5).

Option 2: Self-registration via e-mail invitation

Use this option when external users do not yet have an LDP account and you want them to set up their account themselves.

The platform provides a self-registration template. An administrator sends an e-mail invitation to the external user. The user follows the link and completes the registration.

For setup details, see Template: Self-Registration.

NOTE Self-registration is not automated provisioning

Each invitation is sent manually. The administrator chooses who is invited and when.

When to use which option

| Scenario | Option |
| --- | --- |
| Existing LDP user, you add SSO | Manual mapping. |
| Small number of new external users | Self-registration via invitation. |
| Large user base from an enterprise IdP | Manual mapping. Plan for the manual effort. |