Single sign-on and OAuth EnterpriseEnterprise +
This section covers how to authenticate users and connect data platforms in dbt platform using:
These features are available on Enterprise and Enterprise+ plans and are typically configured by account admins or security teams.
SSO
Lets users log in to dbt with your identity provider (IdP) instead of a password. Supports Just-in-Time provisioning and IdP-initiated login. For admins setting up Okta, Microsoft Entra ID, Google Workspace, or SAML 2.0.
- Single sign-on (SSO) overview — How SSO works and prerequisites
- Migrating to Auth0 for SSO
- Set up SSO with SAML 2.0
- Set up SSO with Okta
- Set up SSO with Google Workspace
- Set up SSO with Microsoft Entra ID
SCIM
Automates user and group provisioning from your IdP into dbt (and, with Okta, license assignment). For admins using Okta or Microsoft Entra ID who want to sync users and groups.
- Set up SCIM — Prerequisites and enabling SCIM in dbt
- Set up SCIM with Okta (includes license management)
- Set up SCIM with Entra ID
Connection OAuth
Connection OAuth is for authenticating to your data platform (like Snowflake, BigQuery), which is different from SSO, which handles user login to dbt platform. It lets developers authorize their development credentials with a data platform using that platform's login instead of storing passwords in dbt. For admins and developers connecting to supported data platforms.
- OAuth overview — What's available by platform
- Set up Snowflake OAuth
- Set up Databricks OAuth
- Set up BigQuery OAuth
- Set up external OAuth with Snowflake
- Set up external OAuth with Redshift
Was this page helpful?
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
