> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bigdata.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Bigdata Authentication
Bigdata.com provides official connectors for [Claude](/mcp-reference/oauth-integrations/claude-mcp-integration), [ChatGPT](/mcp-reference/oauth-integrations/chatgpt-mcp-integration), and [Microsoft Copilot](/mcp-reference/oauth-integrations/microsoft-copilot-mcp-integration) that administrators can set up with just a few clicks. Once the connector is available, users only need to connect and log in with their Bigdata App email and password, or through their enterprise Single Sign-On (SSO).
If you prefer to use the MCP from your own proprietary platform and govern user authentication and authorization yourself, you can integrate with a Bigdata API Key instead. See the [MCP Integration with API Key](/mcp-reference/api-integrations/mcp-api-integration) guide.
## Bigdata login
By default, a brand new organization is set up to log in with the Bigdata Identity Provider via the Bigdata App.
Please contact [support@bigdata.com](mailto:support@bigdata.com) if you wish to add or remove users from your organization.
## Single Sign-On (SSO)
If you would prefer to use your enterprise SSO, our Customer Support team can help you set it up. This section explains how we work with you to establish the SSO trust between your enterprise Identity and Access Management (IAM) and the Bigdata Identity Provider.
We support the following SAML integrations: **Microsoft (Azure / Entra ID)**, **Google**, and **Okta**. Reach out to us if you require a different standard or solution.
Contact [support@bigdata.com](mailto:support@bigdata.com) to request the Single Sign-On setup for your particular domains. Once all steps are complete, users with email addresses on that domain can log in to your SSO page after a redirect.
Customer Support will send you the **Identifier (Entity ID)** and **Reply URL (Assertion Consumer Service URL)** which you will need in Step 4 to set up the SSO connection on the Microsoft side.
1. Navigate to the [Microsoft Azure portal](https://azure.microsoft.com/en-us/get-started/azure-portal) and sign in.
2. Under the **Azure Services** section, find and select **Enterprise applications**. You may have to go to the [All services](https://portal.azure.com/#allservices) page and then scroll down to the **Identity** section to find it.
3. Select **New application**. You'll be redirected to the **Browse Microsoft Entra Gallery** page.
4. Select **Create your own application**.
5. In the modal that opens:
* Enter the **Name** of your app.
* Select **Integrate any other application you don't find in the gallery (Non-gallery)**.
* Select **Create**.
Now that you have created the enterprise app, you need to assign users or groups to it.
1. In the **Getting Started** section, select the **Assign users and groups** link.
2. Select **Add user/group**. You'll be redirected to the **Add Assignment** page.
3. Select the **None Selected** link.
4. To assign a user to the enterprise app, either use the search field to find a user or select the checkbox next to the user in the table.
5. Select **Select** at the bottom of the page. You'll be redirected to the **Add Assignment** page.
6. Select **Assign** at the bottom of the page.
After assigning the user or group to the enterprise app, you need to configure the SSO settings in Microsoft to enable SAML SSO.
1. In the navigation sidebar, open the **Manage** dropdown and select **Single sign-on**.
2. In the **Select a single sign-on method** section, select **SAML**. You'll be redirected to the **Set up Single Sign-On with SAML** page.
3. Find the **Basic SAML Configuration** section.
4. Select **Edit**. The **Basic SAML Configuration** panel will open.
5. Paste the **Identifier (Entity ID)** and **Reply URL (Assertion Consumer Service URL)** values provided by Customer Support in Step 1 into their respective fields. These values will be saved automatically.
* **Identifier (Entity ID):** the value provided by Customer Support.
* **Reply URL (Assertion Consumer Service URL):** the value provided by Customer Support.
6. Select **Save** at the top of the panel. Close the panel.
1. On the **Set up Single Sign-On with SAML** page, find the **SAML Certificates** section.
2. Copy the **App Federation Metadata Url**.
3. Send this information back to your RavenPack / Bigdata.com representative.
Mapping the claims in your IdP to the attributes in Bigdata.com ensures that the data from your IdP is correctly mapped to the data in Bigdata.com.
| Bigdata.com attribute | Microsoft claim |
| --------------------- | ------------------------ |
| `mail` | `user.userprincipalname` |
| `firstName` | `user.givenname` |
| `lastName` | `user.surname` |
The only Microsoft claim that is necessary to map is the email address claim. This is the email address that your users will use to authenticate into your app.
1. On the **Set up Single Sign-On with SAML** page, find the **Attributes & Claims** section.
2. Select **Edit**.
3. To edit the email claim, select the claim with the claim name ending with `/claims/emailaddress`. You'll be redirected to the **Manage claim** page.
4. Next to **Source attribute**, search for and select `user.userprincipalname` in the dropdown.
5. Select **Save** at the top of the page.
Bigdata.com Customer Support needs to register all user emails into the Bigdata Identity Provider. Please provide us with the list of emails that need to access the Bigdata.com MCP.
Contact [support@bigdata.com](mailto:support@bigdata.com) to request the Single Sign-On setup for your particular domains. Once all steps are complete, users with email addresses on that domain can log in to your SSO page after a redirect.
Customer Support will send you the **Identifier (Entity ID)** and **Reply URL (Assertion Consumer Service URL)** which you will need in Step 5 to set up the SSO connection on the Google side.
1. Navigate to the [Google Admin Console](https://admin.google.com/) and sign in.
2. In the navigation sidenav, under **Apps**, select **Web and mobile apps**.
3. Select the **Add app** button.
4. From the dropdown, select **Add custom SAML app**.
5. In the **App details** section, an **App name** is required.
6. Select the **Continue** button.
There are two options for configuring your Identity Provider. We recommend **Metadata configuration**, which uses a URL or file to your IdP's metadata and is quicker than manually inputting the configuration settings.
In the Google Admin Console, under **Option 1: Download IdP Metadata**, select the **Download Metadata** button.
Copy the IdP Metadata and send this information back to your RavenPack / Bigdata.com representative.
In the Google Admin Console, paste the **ACS URL** and **Entity ID** values provided by Customer Support in Step 1 into their respective fields:
* **Identifier (Entity ID):** the value provided by Customer Support.
* **Reply URL (Assertion Consumer Service URL):** the value provided by Customer Support.
Under the **Name ID** section, select the **Name ID format** dropdown and select **Email**.
Select **Continue**.
Mapping the claims in your IdP to the attributes in Bigdata.com ensures that the data from your IdP is correctly mapped to the data in Bigdata.com.
| Bigdata.com attribute | Google claim |
| --------------------- | --------------------------------- |
| `mail` | Basic Information > Primary email |
| `firstName` | Basic Information > First name |
| `lastName` | Basic Information > Last name |
The only Google claim that is necessary to map is the **Primary email**. This is the email address that your users will use to authenticate into your application.
1. In the Google Admin Console, under the **Attributes** section, select **Add mapping**.
2. Select the dropdown under **Google Directory attributes**.
3. Select **Primary email**.
4. In the **App attributes** field, enter `mail`.
5. If you have additional claims that you would like to map to Bigdata.com, you can do so by following the steps in the **Map other claims** section. Otherwise, select the **Finish** button.
Once the configuration is complete in Google, you'll be redirected to the app's overview page.
1. In the **User access** section, select **OFF for everyone**. You'll be redirected to the **Service status** page.
2. Select **ON for everyone**.
3. Select **Save**.
Contact [support@bigdata.com](mailto:support@bigdata.com) to request the Single Sign-On setup for your particular domains. Once all steps are complete, users with email addresses on that domain can log in to your SSO page after a redirect.
Customer Support will send you the **Identifier (Entity ID)** and **Reply URL (Assertion Consumer Service URL)** which you will need in Step 2 to set up the SSO connection on the Okta side.
1. Navigate to [Okta](https://www.okta.com/) and sign in.
2. In the Okta dashboard, select **Admin** in the top right corner.
3. In the navigation sidenav, select the **Applications** dropdown and select **Applications**.
4. Select **Create App Integration**.
5. In the **Create a new app integration** modal, select the **SAML 2.0** option and select the **Next** button.
6. Once redirected to the **Create SAML Integration** page, complete the **General Settings** fields. An **App name** is required.
7. Select **Next**. You'll be redirected to the **Configure SAML** page.
8. Paste the **Single sign-on URL** and the **Audience URI (SP Entity ID)** values provided by Customer Support in Step 1 into their respective fields:
* **Identifier (Entity ID):** the value provided by Customer Support.
* **Reply URL (Assertion Consumer Service URL):** the value provided by Customer Support.
Mapping the claims in your IdP to the attributes in Bigdata.com ensures that the data from your IdP is correctly mapped to the data in Bigdata.com.
| Bigdata.com attribute | Okta claim |
| --------------------- | ---------------- |
| `mail` | `user.email` |
| `firstName` | `user.firstName` |
| `lastName` | `user.lastName` |
1. In the Okta dashboard, find the **Attribute Statements (optional)** section.
2. For the **Name** field, enter `mail`.
3. For the **Value** field, choose `user.email` from the dropdown.
4. Select the **Add Another** button to add another attribute.
5. For the **Name** field, enter `firstName`.
6. For the **Value** field, choose `user.firstName` from the dropdown.
7. Select the **Add Another** button to add another attribute.
8. For the **Name** field, enter `lastName`.
9. For the **Value** field, choose `user.lastName` from the dropdown.
10. Scroll to the bottom of the page and select the **Next** button to continue.
11. You will be redirected to the **Feedback** page. Fill out the feedback however you would like and select the **Finish** button to complete the setup.
You need to assign your users / user groups to your enterprise application. Assign one or more users or entire groups to the enterprise application you just created.
1. In the Okta dashboard, select the **Assignments** tab.
2. Select the **Assign** dropdown. You can either select **Assign to people** or **Assign to groups**.
3. In the search field, enter the user or group of users that you want to assign to the enterprise application.
4. Select the **Assign** button next to the user or group that you want to assign.
5. Select the **Done** button to complete the assignment.
Once you have completed the setup in Okta, you will be redirected to the application instances page with the **Sign On** tab selected.
1. Under **Sign on methods**, copy the **Metadata URL**.
2. On the **Set up Single Sign-On with SAML** page, find the **SAML Certificates** section.
3. Copy the **App Federation Metadata Url**.
4. Send this information back to your RavenPack / Bigdata.com representative.
If you need to register additional users or delete existing ones, please contact Customer Support and we will update it.