starred/cloudbeaver
1
0
Fork 0
mirror of https://github.com/dbeaver/cloudbeaver.git synced 2026-04-24 21:26:04 +03:00
Code Issues 212 Projects Releases Packages Wiki Activity
Page: AWS OpenID Authentication
Pages
API and integration AWS Cloud explorer AWS IAM AWS OpenID Authentication AWS OpenID database access via Okta AWS Overview AWS SAML database access via Okta AWS Settings Access to an existing database connection with a link Accessibility Guide Adding new database drivers Admin Password Recovery Administration Users Provisioning Administration Anonymous Access Configuration Audit Logging Authentication Database Native Authentication Microsoft Entra ID Authentication MongoDB Authentication Oracle Wallet Authentication PostgreSQL Pgpass Authentication Salesforce Authentication methods Auto and Manual commit modes Azure Permissions Basic operations Build and deploy Client Side Scripting Cloud Explorer Cloud Storage CloudBeaver AWS Update CloudBeaver AWS deployment on the AWS Marketplace CloudBeaver Community deployment from docker image CloudBeaver Community deployment in Google Cloud CloudBeaver Community deployment in Microsoft Azure CloudBeaver Community deployment on the AWS Marketplace CloudBeaver Deployment CloudBeaver Enterprise Update CloudBeaver Enterprise deployment from docker compose CloudBeaver Enterprise deployment from docker image CloudBeaver Enterprise deployment in AWS CloudBeaver Enterprise deployment in Google Cloud CloudBeaver Enterprise deployment in Microsoft Azure CloudBeaver Enterprise CloudBeaver SSL certificate configuration CloudBeaver Styling components CloudBeaver Workspace Backup CloudBeaver and Nginx CloudBeaver customer technical support information CloudBeaver localization CloudBeaver overview CloudBeaver release cycles Code of Conduct Cognito OpenID Authentication Command line parameters Configuring HTTPS for Jetty server Configuring server datasources Connect Tableau to a database using DBeaver Proxy Driver Connection Management Connection Templates Management Connection configuration Contribute your code Create Connection Custom Plugin DB Navigator Settings menu DB Navigator folders DB Navigator toolbar DBeaver Proxy driver Data Filters Data Ordering Data editor Data export Data import Database Navigator Database Object Editor Database driver CSV Database driver Files MultiSource Database driver JSON Database driver Parquet Database driver XLSX Database driver XML Demo Server Develop in Eclipse Develop in IDEA Develop in VS Code Differences between license types Domain Manager Driver management Drivers Management Entity Diagrams FAQ File based driver properties Frontend development guidelines Frontend technical overview Generate API access token Getting started Global Permissions Google authentication GraphQL API overview Grouping Panel Home How to Import License How to Migrate your CloudBeaver Enterprise Workspace How to Reassign License How to Update License How to access query history database How to change Java security properties How to connect DBeaver or CloudBeaver to PostgreSQL on a separate VM in Azure Initial data configuration JSON and Document View JWT authentication Kerberos Authentication LDAP Authentication Local Access Authentication Local Preferences Log Viewer Log customization Managing Charts Managing Preferences Managing cloud deployed services Microsoft Entra ID authentication Model Context Protocol Server Multi server license Multiple Server URLs NTLM User Authentication Okta OpenID Authentication OpenID Package localization Pass Through Authentication Password policy Plugin system Pre configured permissions for connections Product configuration parameters Product settings authentication Product settings connections Product settings data export Product settings data spreadsheet Product settings erd Product settings navigation tree Properties Editor Proxy Configuration Query Execution Plan Query History Query Manager Query manager database configuration Resource Loading Resource Manager Result Details Panel Reverse proxy header authentication Run GraphQL requests from CLI SAML SQL Assist and Auto Complete SQL Editor SQL Formatting SSH Configuration SSL Configuration Search and Replace Secret Providers Security in CloudBeaver Server API explorer Server Architecture Server Database Server Output Server configuration administration Server configuration Session Manager Settings Shortcuts Simple and Advanced View Single Sign On Snowflake OpenID database access via Okta Supported databases Teams User credentials storage Users Value Panel Visual Query Builder WebSockets Working with spatial GIS data Workspace Location Workspace on AWS and S3 Storage
17 AWS OpenID Authentication
dbeaver-devops edited this page 2026-04-14 07:09:43 +00:00
Table of Contents

Note

: This feature is available in Enterprise and AWS editions only.

Table of contents

AWS-OpenID Authentication uses AWS credentials to authenticate users in applications, leveraging OpenID Connect with AWS OpenID. It enables secure, efficient user access control, minimizing separate account management. For comprehensive setup information of AWS OpenID itself, refer to the official AWS OpenID documentation.

Configuration steps

Enable AWS OpenID Authentication

  1. As an administrator, go to Settings -> Administration -> Server Configuration.
  2. Find and activate the AWS OpenID option in the Authentication section.
  3. Save the changes.

For instructions on configuring AWS Regions, see AWS Settings.

Note

: To use cloud-hosted databases or Amazon S3, also enable the Cloud (AWS) and Cloud Storage checkboxes. In CloudBeaver AWS Edition, the Cloud (AWS) option is enabled by default.

Add an Identity Provider

  1. As an administrator, navigate to Settings -> Identity Providers.

  2. Click on the + Add button.

  3. Fill in the following fields:

    Field Description
    Provider Type Select AWS OpenID from the dropdown menu.
    ID Enter a unique identifier for the configuration.
    Configuration name Enter a descriptive name for this configuration.
    Description Provide a brief description of this identity provider configuration.
    Icon URL Enter the URL of an icon to represent this provider.
    Disabled Leave unchecked to enable this identity provider.
    Client ID The client identifier provided by the OpenID Connect provider.
    Client Secret A secret key associated with the client ID for authentication.
    IDP auth endpoint URL The endpoint for initiating the authentication process.
    IDP token endpoint URL The endpoint for obtaining access and refresh tokens.
    IDP userinfo endpoint URL IDP userinfo endpoint URL.
    Name of the user groups attribute Attribute name for user groups.
    Name of the user id attribute Custom attribute name for user ID.
    Read user info Read user profile data using "userinfo" endpoint URL. Requires "openid", "profile" and "email" OIDC permissions.
    Custom scopes The custom scopes. Use with ; delimiter.
    Role ARN Enter the ARN for the WebIdentity role from AWS.
    Name of an AWS role claim Name of the AWS role claim that contains the name of the AWS role.

    Important: The Role ARN added during this step acts as the default role. It's not advisable to use an administrator role at this step. It is recommended to use a role with minimum privileges during provider setup.

    After the provider is configured, you will see an AWS Role ARN field for each user, where you can specify a role with higher privileges, if necessary.

    Note

    : The values for the Client ID, Client Secret, IDP auth endpoint URL, and IDP token endpoint URL depend on the specific OpenID Connect provider being used.

  4. Copy Redirect and Sign out Links:

    1. Copy the Redirect link and the Sign out link
    2. Update redirect URIs in the authorization service

Login

  1. With the AWS OpenID configuration now established, proceed to the login screen.

  2. Select the Federated authentication method, labeled with the Configuration name you specified.

  3. Clicking on this authentication method will redirect you to the Sign in page.

  4. After selecting the necessary account, you will be automatically redirected and logged into the CloudBeaver.

  5. Verify the Integration of AWS and OpenID:

    1. Once logged in, click on your username in CloudBeaver and navigate to the User Info tab.
    2. Here, you should see two tokens. Their presence indicates that the integration of AWS and OpenID has been successfully completed, and CloudBeaver has access to the necessary credentials.

CloudBeaver Documentation

CloudBeaver - Web Database Manager