TOИIC
Search…
About Tonic
Getting started with Tonic
Frequently Asked Questions
Setting up and analyzing your workspace
Managing workspaces
Using Privacy Hub to identify and protect sensitive data
Tracking column sensitivity and generator changes
Using the Privacy Report to verify data protection
Managing access to workspaces
Configuring data generation details
Database View
Table View
Table modes
Generators
Subsetting data
Viewing and adding foreign keys
Running Tonic workflows
Running a data generation job
Viewing jobs and job details
Post-job scripts
Webhooks
Viewing and resolving schema changes
Administering Tonic
Deploying a self-hosted Tonic instance
Deploying with Docker Compose
Deploying with Helm
Entering and updating your license key
Connecting to the Tonic database
Setting up a secret
Setting a custom certificate
Health checks
Architecture diagram
Single sign-on
AWS
Azure
Google
Okta
Managing admin users
Managing Tonic users
Sharing logs with Tonic
Sharing database metrics with Tonic
Managing Tonic performance
Updating Tonic
Using the Tonic API
API documentation
Getting started with the Tonic API
Getting the workspace ID
Example: Starting a data generation job
Example: Polling for a job status and creating a Docker package
Setting up specific data sources
Database connectors
Amazon EMR
Amazon Redshift
Databricks
Google BigQuery
MongoDB
MySQL / MariaDB
Oracle
PostgreSQL
Snowflake on AWS
Spark SDK
SQL Server
Other resources
Release notes
Powered By GitBook
Single sign-on
Tonic supports a variety of integrations for authenticating users.
Tonic supports the following integrations for users to create accounts and log in to Tonic using external single sign-on providers:
  • AWS SSO (and other SAML-based authentication)
  • Azure Active Directory
  • Duo Security SSO
  • Google Account SSO
  • Okta
  • PingID (cloud-based, adaptive multi-factor authentication - MFA)
SSO is a licensed feature that is available to customers on Tonic's Enterprise tier.

Configuration

SSO within Tonic requires a valid license for the SSO functionality, and the configuration of several environment variables within the Tonic deployment.
These variables differ by provider and are covered in the following topics:
You can also set the environment variable REQUIRE_SSO_AUTH to true to enable SSO only authentication. This disables standard email/password authentication so that all account creation and login is handled through your SSO provider. If MFA is set up with your SSO, enabling this feature requires all authentication to go through your provider's MFA.

User authentication

Tonic respects the access control policy of your SSO provider. To access Tonic, users must be granted access to the Tonic application within your SSO provider.
After SSO is enabled, users can use SSO to create an account in Tonic.
Account creation with Google SSO enabled
On future logins, users are prompted to use SSO to authenticate.
Login with Google SSO enabled

Groups and collaboration

Tonic's workspace sharing feature supports sharing of workspaces with groups configured in your SSO system, when appropriately configured and with permission to read groups.
Share Workspace dialog
You use the TONIC_SSO_GROUP_FILTER_REGEX environment variable to set a regex to filter the groups that Tonic displays and allows sharing with. For example, .*Tonic.* allows all groups that contain the word "Tonic".
Previous
Architecture diagram
Next
AWS
Last modified 9d ago
Copy link
Outline
Configuration
User authentication
Groups and collaboration