TOИIC
Search…
About Tonic
Getting started with Tonic
Frequently Asked Questions
Setting up and analyzing your workspace
Creating and managing workspaces
Workspace options
Privacy Hub
Privacy Report
Sharing a workspace
Configuring data generation details
Database View
Table View
Table modes
Generators
Subsetting data
Viewing and adding foreign keys
Running Tonic workflows
Jobs
Post-job scripts
Webhooks
Viewing and resolving schema changes
Administering Tonic
Deploying Tonic on-premises
Deploying with Docker Compose
Deploying with Helm
Connecting to the Tonic database
Setting up a secret
Setting a custom certificate
Health checks
Architecture diagram
Single sign-on
AWS
Azure
Google
Okta
Managing admin users
Sharing logs with Tonic
Sharing database metrics with Tonic
Managing Tonic performance
Updating Tonic
Using the Tonic API
API documentation
Getting started with the Tonic API
Getting the workspace ID
Example: Starting a data generation job
Example: Polling for a job status and creating a Docker package
Setting up specific data sources
Database connectors
Amazon EMR
Amazon Redshift
Databricks
Google BigQuery
MongoDB
MySQL / MariaDB
Oracle
PostgreSQL
Snowflake on AWS
Spark SDK
SQL Server
Other resources
Release notes
Powered By GitBook
Single sign-on
Tonic supports a variety of integrations for authenticating users.
Tonic supports the following integrations for users to create accounts and log in to Tonic using external Single Sign-On providers:
  • AWS SSO (and other SAML-based authentication)
  • Azure Active Directory
  • Duo Security SSO
  • Google Account SSO
  • Okta
  • PingID (cloud-based, adaptive multi-factor authentication - MFA)
SSO is a licensed feature available to customers on Tonic's Enterprise tier.

Configuration

SSO within Tonic requires a valid license including the SSO functionality as well as the configuration of several environment variables within the Tonic deployment. These variables differ by provider and are covered on the following pages:
Additionally, the environment variable, REQUIRE_SSO_AUTH, can be set to true to enable SSO only authentication. This disables standard email/password authentication so that all account creation and login is handled through your SSO provider. If MFA is setup with your SSO, enabling this feature will require all authentication to go through your provider's MFA.

User authentication

Tonic respects the access control policy of your SSO provider. Users must be granted access to the Tonic app within your SSO provider in order to access Tonic.
Once SSO is enabled, users will have the opportunity to create an account within Tonic using SSO.
Screenshot of account creation with Google SSO enabled
Users will be prompted to authenticate via SSO on future log ins.
Screenshot of log in with Google SSO enabled

Groups and collaboration

Tonic's Workspace Sharing functionality supports sharing of workspaces with groups configured in your SSO system when appropriately configured and with permission to read groups.
Screenshot of the Share Workspace screen
The TONIC_SSO_GROUP_FILTER_REGEX environment variable can be used to set a Regex to filter the groups Tonic will display and allow sharing with. For example, .*Tonic.* would allow all groups that contain the word "Tonic".
Previous
Architecture diagram
Next
AWS
Last modified 19d ago
Copy link
Contents
Configuration
User authentication
Groups and collaboration