Corporate SSO

When using the hosted TileDB Cloud service, you can set up corporate SSO for TileDB Cloud. Users associated with the domain name you specify (a domain that you control) will be able to log in to the service without having to separately register or create a new password.

TileDB Cloud connects to your login provider with OpenID Connect, which is supported by most SSO systems, including Google Cloud, Okta, Microsoft, PingIdentity, and more.

Setup

To enable TileDB Cloud login, create an OpenID Connect integration with your SSO provider and configure it to accept requests from TileDB Cloud. Then register this application in the TileDB Cloud web interface to connect it to TileDB Cloud SaaS. Alternatively, starting with Enterprise Chart version 2.10.0, TileDB Cloud Enterprise can be set up through configuration values.

Identity provider setup

TileDB Cloud supports most standard OpenID Connect identity providers. These basic steps are shared across all identity providers. For more detailed instructions on how to configure a specific provider with these settings, see the identity provider–specific walkthroughs below.

  1. Create an OpenID Connect integration.

  2. Within your OpenID Connect integration:

    • Add the redirect URL (sometimes called a callback URL) of https://cloud.tiledb.com/auth/sso/callback/perdomain. This allows login details for this integration to be sent to TileDB.

    • Enable required scopes (if needed):

      • openid (should already be enabled)

      • email (allows TileDB Cloud to access and verify the user’s email address)

      • profile (allows TileDB Cloud to see the user’s name and basic information)
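The settings above can be checked before the integration is registered with TileDB Cloud. The following is an added example, not TileDB's own code. It assumes the client record has been exported with the standard OAuth client metadata fields redirect_uris and scope, and that the provider's discovery document may list scopes_supported. Export formats differ between providers, and the sample records are constructed.

```python
from urllib.parse import urlsplit

# Values taken from the setup steps above.
TILEDB_REDIRECT = "https://cloud.tiledb.com/auth/sso/callback/perdomain"
REQUIRED_SCOPES = ("openid", "email", "profile")


def audit_oidc_client(client, discovery=None):
    """Return findings for one client record; an empty list means it matches."""
    findings = []
    uris = client.get("redirect_uris", [])
    # OpenID Connect compares redirect URIs as exact strings, so a trailing
    # slash or a different scheme counts as a different URL.
    if TILEDB_REDIRECT not in uris:
        findings.append("missing redirect URL " + TILEDB_REDIRECT)
    for uri in uris:
        if uri == TILEDB_REDIRECT:
            continue
        if "*" in uri:
            findings.append("wildcard redirect URL: " + uri)
        elif urlsplit(uri).scheme != "https":
            findings.append("non-HTTPS redirect URL: " + uri)
        else:
            findings.append("extra redirect URL to review: " + uri)
    granted = set(client.get("scope", "").split())
    for scope in REQUIRED_SCOPES:
        if scope not in granted:
            findings.append("scope not enabled on client: " + scope)
    supported = (discovery or {}).get("scopes_supported")
    if supported is not None:
        for scope in REQUIRED_SCOPES:
            if scope not in supported:
                findings.append("scope not advertised by provider: " + scope)
    return findings


# Constructed sample records (not exported from any real provider).
GOOD_CLIENT = {"redirect_uris": [TILEDB_REDIRECT], "scope": "openid email profile"}
BAD_CLIENT = {
    "redirect_uris": ["https://cloud.tiledb.com/*",
                      "http://cloud.tiledb.com/auth/sso/callback/perdomain"],
    "scope": "openid profile",
}
DISCOVERY = {"scopes_supported": ["openid", "email", "profile", "offline_access"]}

if __name__ == "__main__":
    for name, rec in (("good", GOOD_CLIENT), ("bad", BAD_CLIENT)):
        print(name, audit_oidc_client(rec, DISCOVERY) or "OK")
```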
