Single Sign-On (SSO)

AuraDB Enterprise, AuraDS Enterprise

Aura Enterprise supports Single Sign-On (SSO) at both the Console level and for accessing Workspace, Bloom and Browser clients directly at the instance level.

Accessing Aura with SSO requires:

  • Authorization Code Flow with PKCE.

  • A publicly accessible Identity Provider (IdP) server.
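Before raising the support ticket, you can confirm that your IdP advertises the flow required above. The following is an added example, not Neo4j code: the helper name `checkAuthCodePkce`, the sample metadata and the `idp.example.com` host are assumptions made for illustration, and the metadata field names come from OpenID Connect Discovery 1.0 and RFC 8414.

```javascript
// Constructed sample of an IdP discovery document (placeholder host), as
// served at <issuer>/.well-known/openid-configuration.
const sampleMetadata = {
  issuer: "https://idp.example.com",
  authorization_endpoint: "https://idp.example.com/authorize",
  token_endpoint: "https://idp.example.com/token",
  response_types_supported: ["code", "id_token"],
  grant_types_supported: ["authorization_code", "refresh_token"],
  code_challenge_methods_supported: ["plain", "S256"],
};

// Hypothetical helper: checks the metadata for Authorization Code Flow with PKCE.
function checkAuthCodePkce(meta) {
  const findings = [];
  // OIDC Discovery requires the https scheme for these URLs.
  for (const key of ["issuer", "authorization_endpoint", "token_endpoint"]) {
    let url = null;
    try { url = new URL(meta[key]); } catch (_) { /* missing or malformed */ }
    if (!url || url.protocol !== "https:") findings.push(`${key}: not an https URL`);
  }
  if (!(meta.response_types_supported || []).includes("code")) {
    findings.push("response_types_supported: 'code' missing");
  }
  // OIDC Discovery: when omitted, grant_types_supported defaults to
  // ["authorization_code", "implicit"].
  const grants = meta.grant_types_supported || ["authorization_code", "implicit"];
  if (!grants.includes("authorization_code")) {
    findings.push("grant_types_supported: 'authorization_code' missing");
  }
  // code_challenge_methods_supported is defined by RFC 8414, not OIDC
  // Discovery, so an OIDC document that omits it leaves PKCE unconfirmed.
  const methods = meta.code_challenge_methods_supported;
  let pkce;
  if (!Array.isArray(methods)) pkce = "not-advertised";
  else if (methods.includes("S256")) pkce = "S256";
  else pkce = methods.includes("plain") ? "plain-only" : "none";
  if (pkce === "plain-only" || pkce === "none") {
    findings.push("code_challenge_methods_supported: 'S256' missing");
  }
  return { ok: findings.length === 0, pkce, findings };
}

console.log(checkAuthCodePkce(sampleMetadata));
```

A result of `pkce: "not-advertised"` is inconclusive rather than a failure; confirm PKCE support in your IdP's documentation. The check reads metadata only and does not prove that the IdP is reachable from outside your network.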

Console SSO

Console SSO allows you to log in to the Aura Console using company IdP credentials and grants Public Access privileges to all instances in the tenant.

The following OpenID Connect (OIDC) certified Identity Providers (IdPs) are currently supported for Console-level Authentication:

  • Microsoft Azure Active Directory (AAD)

  • Okta

To enable Console SSO on your Aura Enterprise tenant(s), please raise a support ticket including the following information:

  1. The Tenant ID of the tenant(s) you want to use SSO. See Tenants for more information on how to find your Tenant ID.

  2. The name of your IdP.

Instance SSO

Instance SSO allows you to directly map groups of users (as defined in your IdP) to DBMS RBAC roles when launching Workspace, Bloom and Browser clients from an Aura instance.

The following OIDC certified IdPs are currently supported for instance-level Authentication:

  • Microsoft Azure Active Directory (AAD)

  • Okta

  • Keycloak

  • Google Authentication

To add SSO for Workspace, Bloom, and Browser to your Aura Enterprise instances, please raise a support ticket including the following information:

  1. The Connection URI of the instance(s) you want to use SSO.

  2. Whether or not you want Workspace, Bloom, Browser, or a combination of them enabled.

  3. The name of your IdP.

If you have to specify an application type when configuring your client, Neo4j is a Single-page application. For more information on configuring your client, see Neo4j Single Sign-On (SSO) Configuration.