Streamline Graph Database User Management with Memgraph’s SSO Integration

By Toni Lastre
4 min read · July 10, 2024

How do you achieve robust security in graph database environments while ensuring a frictionless user experience? Memgraph addresses this need with its new Single Sign-On (SSO) feature, designed to streamline user management and fortify security. This post explores how Memgraph’s SSO can transform your enterprise’s security protocols and enhance operational efficiency.

Understanding Single Sign-On (SSO)

Single Sign-On (SSO) is an authentication process that allows users to access multiple applications with one set of login credentials. Instead of juggling multiple usernames and passwords, users log in once via an external identity provider and gain access to all connected systems, including Memgraph.

How SSO Works

At a high level, SSO involves three key components:

  1. User: The individual trying to gain access.

  2. Identity Provider (IdP): The system that verifies the user's identity.

  3. Service Provider (SP): The application or service the user wants to access—in this case, Memgraph.

SSO Workflow

  1. User Initiates Sign-In: The user opts to sign in using credentials from the identity provider.

  2. Redirection to IdP: The user is securely redirected to the identity provider.

  3. Credential Input: The user enters their login credentials at the identity provider.

  4. Verification and Token Issuance: The identity provider verifies the user and issues a token or credential.

  5. Token Validation: The service provider (Memgraph) validates this token with the identity provider, receives necessary information like usernames and roles, and lets the user in.

Memgraph’s Role as a Service Provider

In this process, Memgraph acts as the service provider. The beauty of SSO lies in its centralized approach: the identity provider handles all sensitive information, while Memgraph receives a token to confirm the user's identity. This setup simplifies user management and bolsters security by centralizing credential verification.

Integrating SSO with Memgraph

Integrating SSO with Memgraph is a straightforward process. Here's how it works:

  1. Configure Identity Provider: Add information about your chosen identity provider to both Memgraph Lab and the Memgraph database.

  2. Memgraph Lab Interface: Memgraph Lab, a user-friendly interface for database actions, facilitates SSO by redirecting users to the identity provider with "Sign in with" options.

  3. Support for Leading IdPs: Memgraph supports Microsoft Entra ID (formerly Active Directory) and Okta, two leading identity providers.

  4. Protocol Flexibility: Choose between SAML or OIDC (OAuth2) protocols to integrate SSO seamlessly with your existing infrastructure.

Seamless Authentication and Role Management

Once a user successfully authenticates with Microsoft Entra ID or Okta, they are redirected to Memgraph. Memgraph then performs additional validation and role mapping and grants access—all in one secure workflow. This eliminates the need to create individual users or manually assign roles within Memgraph, as all user and role information is centralized in the identity provider.

Memgraph enables the seamless mapping of groups or roles from the identity provider to corresponding roles within Memgraph. This automatic role assignment ensures efficient and secure access management.
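
The token checks from step 5 of the SSO workflow and the group-to-role mapping described above can be sketched as follows. This is an added example, not Memgraph's code or configuration format: the issuer, audience, claim names (`preferred_username`, `groups`), group names and role names are assumptions, and the token's signature is assumed to have been verified already against the identity provider's published keys.

```python
import time

# Constructed values for illustration; not Memgraph or IdP configuration.
EXPECTED_ISSUER = "https://idp.example.com"
EXPECTED_AUDIENCE = "memgraph-lab"
ROLE_MAPPING = {"graph-admins": "admin", "graph-analysts": "analyst"}  # IdP group -> database role
ROLE_PRIORITY = ["admin", "analyst"]  # if several groups match, the first role listed here wins


class AccessDenied(Exception):
    """Raised when the claims do not justify a session."""


def authorize(claims, now=None, leeway=30):
    """Return (username, role) for already signature-verified claims, else raise AccessDenied."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise AccessDenied("unexpected issuer")
    aud = claims.get("aud")  # may be a string or a list of strings
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if EXPECTED_AUDIENCE not in audiences:
        raise AccessDenied("token was issued for a different application")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise AccessDenied("token expired or has no exp claim")
    username = claims.get("preferred_username")
    if not isinstance(username, str) or not username:
        raise AccessDenied("no username claim")
    groups = claims.get("groups")
    groups = [groups] if isinstance(groups, str) else groups if isinstance(groups, list) else []
    mapped = {ROLE_MAPPING[g] for g in groups if isinstance(g, str) and g in ROLE_MAPPING}
    for role in ROLE_PRIORITY:
        if role in mapped:
            return username, role
    # Deny by default: an authenticated user with no mapped group gets no role.
    raise AccessDenied("no group maps to a database role")


# Constructed sample claims, as a JWT library would return them after verifying the signature.
SAMPLE_NOW = 1_720_000_000
SAMPLE_CLAIMS = {
    "iss": "https://idp.example.com", "aud": "memgraph-lab", "exp": SAMPLE_NOW + 3600,
    "preferred_username": "alice@example.com", "groups": ["staff", "graph-analysts"],
}

if __name__ == "__main__":
    print(authorize(SAMPLE_CLAIMS, now=SAMPLE_NOW))
```

The audience check is what stops a token issued for another application at the same identity provider from being replayed against the database, and the final `raise` keeps successful authentication from implying any role.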

Flexibility and Security

Memgraph offers the flexibility to connect multiple identity providers alongside native username/password authentication, allowing you to choose the best solution for your needs. This flexibility, combined with the enhanced security of SSO, makes Memgraph a powerful tool for managing user access in an enterprise environment.

Conclusion

Memgraph’s Single Sign-On (SSO) feature significantly enhances enterprise security and simplifies user management. By centralizing authentication through leading identity providers like Microsoft Entra ID and Okta, Memgraph ensures a seamless and secure user experience. For businesses looking to streamline their security protocols while maintaining flexibility and control, Memgraph’s SSO is an invaluable feature.

Next Steps

SSO is one of several Memgraph Enterprise features, which also include high-availability automatic failover, multi-tenancy, monitoring, authentication and authorization, auditing, encryption, and others. You can read about them in more detail under the Further Reading section below.

To try all these features out, sign up for a 30-day free Memgraph Enterprise trial. No strings attached, so you can adequately test what Memgraph can do for you.

Further Reading

This blog post is part of the "Memgraph is Enterprise-Ready" series. Be sure to check out the other articles:
