How to Set Up LDAP Group Sync with SAML Authentication

Alation Cloud Service Applies to Alation Cloud Service instances of Alation

Customer Managed Applies to customer-managed instances of Alation

Applies from release 2021.3

With SAML as the authentication method, it is possible to synchronize groups with Alation using LDAP sync. In this case, Alation will use SAML to authenticate users who log in Alation and LDAP to sync Groups from the LDAP directory.


Alation Cloud Service customers can request server configuration changes through Alation Support.

In order to use this “hybrid” configuration, perform the following steps:

  1. Set up SAML Authentication on the Alation instance.

  2. Go to Admin Settings > Authentication and fill out the LDAP information.


    Do not select LDAP as the authentication method. It should be set to SAML.

  3. SSH to the Alation host and enable LDAP Group synchronization by running the code given below from the Alation Django shell:

    # to enter the Alation shell:
    sudo /etc/init.d/alation shell
    # to enter the Django shell:
    #to enable LDAP Group sync:
    from rosemeta.utils.users_and_groups.configuration_utils import enable_ldap_group_sync
  4. To exit the Django shell: exit

  5. To exit the Alation shell: exit

  6. Create the required LDAP Groups in Alation.

LDAP Groups will be auto-synced between Alation and the LDAP directory every 15 minutes (default). When users log in, their accounts will be created and automatically placed into the corresponding Groups. LDAP sync period can be adjusted using alation_conf.