
Denodo SSO SAML with Azure AD failing when connecting to VDP

I tried setting up Azure SAML SSO in Denodo Solution Manager, and I could log in to Solution Manager using SSO. From Solution Manager, when I tried to connect to Design Studio in the preprod/prod environment, it gives me the errors below. I tried assigning different roles (even assigned all roles) to the role which is created by giving the class id of the group name in Azure, but nothing is working.

I followed this link to configure SSO in Solution Manager: https://community.denodo.com/kb/en/view/document/How%20To%20Configure%20Azure%20AD%20for%20SSO%20in%20the%20Denodo%20Solution%20Manager?category=Security

Error: insufficient privileges to connect

SSO Configurations:

- Authentication method: SAML
- SAML entity ID: https://denodo-01-sm.iqzsystems.io:19443/saml
- Base URL: https://denodo-01-sm.iqzsystems.io:19443
- SAML signing request: YES
- Identity provider metadata URL: https://login.microsoftonline.com/<tenant_id>/federationmetadata/2007-06/federationmetadata.xml?appid=<client_id>

Please share:

1. Are there any settings to be configured in Virtual DataPort?
2. Are any specific roles needed to be assigned to connect to VDP from Solution Manager using SSO?

Thanks in advance
user
21-04-2022 02:57:10 -0400

3 Answers

Hi,

If I face such a scenario I would follow the below steps:

1. Login to Virtual DataPort Administration Tool.
2. Navigate to “Administration” tab.
3. Click on “Role Management” and “New”.
4. Add a Role with its name being the newly created group ID in Azure AD.
5. Select the rule and click on “Assign Privileges.”
6. Grant the “**[CONNECT](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#connection-privilege)**” privilege against the required databases.

By doing so, the user now has roles matching the group created in the Azure AD, with necessary privileges in both the Solution Manager and the Virtual DataPort and would be able to connect to the Design Studio.

For more information, you could refer to the **[Authorization](https://community.denodo.com/docs/html/browse/8.0/en/solution_manager/administration/authentication_and_authorization/authorization/authorization#authorization)** section of the Solution Manager Administration Guide and the **[User and Access Right in Virtual DataPort](https://community.denodo.com/docs/html/browse/8.0/en/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/user_and_access_right_in_virtual_dataport/user_and_access_right_in_virtual_dataport#user-and-access-right-in-virtual-dataport)** section of the Virtual DataPort Administration Guide.

Hope this helps!
Denodo Team
21-04-2022 08:40:09 -0400
I tried to create the role with its name being the object ID of the group name in the VDP Administration Tool. It is not accepting any special characters such as hyphen (-), throwing the error: **Verify the following issue: > Name: Invalid field name.**
user
21-04-2022 09:15:08 -0400
Hi,

If I get such an error, I would execute the ‘Create Role’ statement from the VQL shell, which allows special characters like hyphen in the name of the role. The syntax would be `CREATE ROLE "<ROLE_NAME>"`.

Please refer to the **[Managing User Roles](https://community.denodo.com/docs/html/browse/8.0/en/vdp/vql/creating_databases_users_roles_and_access_privileges/managing_users/managing_user_roles#managing-user-roles)** section of the Virtual DataPort VQL Guide for more information.

Hope this helps!
Denodo Team
22-04-2022 00:08:03 -0400
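
A diagnostic for the mismatch discussed in this thread, as an added example that is not part of the original posts or Denodo's own code: it lists the Azure AD group object IDs in a decoded SAML assertion that have no Virtual DataPort role of the same name and builds the `CREATE ROLE` statement for each. The assertion, the role list and the function names are constructed, and reading the groups from Azure AD's `groups` claim is an assumption.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Azure AD's group claim; that Denodo derives role names from it is an assumption.
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample: attribute statement of a decoded assertion (signature omitted).
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AttributeStatement>
    <saml:Attribute Name="{GROUPS_CLAIM}">
      <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
      <saml:AttributeValue>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: role names that already exist in Virtual DataPort.
SAMPLE_VDP_ROLES = ["aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "Denodo-Developers"]


def group_ids(assertion_xml):
    """Return the group object IDs carried in the assertion's groups claim."""
    root = ET.fromstring(assertion_xml)
    ids = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        if attr.get("Name") == GROUPS_CLAIM:
            for value in attr.iter(f"{{{SAML_NS}}}AttributeValue"):
                ids.append((value.text or "").strip())
    return ids


def missing_roles(assertion_xml, vdp_roles):
    """Groups from the assertion with no role of exactly the same name."""
    existing = set(vdp_roles)
    return [g for g in group_ids(assertion_xml) if g not in existing]


def create_role_vql(group_id):
    """Build the quoted CREATE ROLE statement; accept nothing but a GUID."""
    if not GUID_RE.fullmatch(group_id):
        raise ValueError(f"not a group object ID: {group_id!r}")
    return f'CREATE ROLE "{group_id}"'


if __name__ == "__main__":
    for gid in missing_roles(SAMPLE_ASSERTION, SAMPLE_VDP_ROLES):
        print(create_role_vql(gid))
```

Creating the role is only the first half: it still needs the CONNECT privilege on the required databases, as the first answer describes.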