Manage access¶
To manage access to DataRobot, you may need to:
- Manage your DataRobot license.
- Create a custom user agreement.
- Configure SSO SAML for users.
Manage licenses¶
Availability information
This feature is only available on the Self-Managed AI Platform.
Required permission: Enable Application Management
A valid, unexpired DataRobot license is required for model building. Use the License page to apply a new license key to the deployed cluster when the current license is expiring or close to expiring. Contact Support to obtain a new DataRobot license key, when required.
The application banner shows messages, visible to all users, when:
- The current license is expiring within 30 days (by default); users can click the banner to snooze for four days at a time.
- The license has expired.
If your license expires before applying the new license, users continue to have access to DataRobot and can make predictions using existing models. They cannot build new models or new insights or generate Compliance Documentation; existing elements are still available in the UI, however. If model building (EDA2) is running for a project when the license expires, the current round finishes.
When you apply the new license, existing projects resume and users can again create new models and use all features.
Apply a new license¶
Note
If you do not already have the new license key, you must first request it from Support.
Once you have the license:
-
Expand the profile icon located in the upper right and click License. The page shows license details, including expiration date, concurrent workers limit, maximum active users, prepaid deployment limit, maximum deployment limit, and in some instances, subscription features:
-
Copy the license key you receive from Support, paste it to the License Key field, and click Validate.
-
Review the details associated with the provided license key and, if correct, click Submit.
When successful, a message in the application banner shows the license is valid, and the tooltip shows the new license expiration date. It may take a few moments for the license change to take effect across your deployed cluster.
Note
The details shown for a specific license are based on your subscription. For more information on license details, contact Support.
Create a user agreement¶
Note
This feature is only available on the Self-Managed AI Platform.
Required permissions: "Can manage users", "Can manage user agreement"
The custom user agreement (also known as "clickthrough agreement") requires users to accept terms in order to access DataRobot. If the deployed cluster is configured to require a clickthrough agreement, each new user created for v5.2 or later is presented with the user agreement by default. For non-LDAP authentication integrations only, you can modify the default settings for a user so they don't see a user agreement when they log in. If the deployed cluster requires a user agreement but a custom agreement was not created, the standard DataRobot Subscription Agreement is presented to new users when they log in.
Users who do not accept the user agreement terms are redirected back to the login page. These users cannot log in and access DataRobot until they explicitly accept the license terms (i.e., they click the Agree button, or the equivalent).
Note
Users authenticated to use DataRobot prior to version 5.2 do not see the agreement and continue to have access to DataRobot as before.
To create the agreement:
-
Expand the profile icon in the upper right and click Manage User Agreement from the dropdown menu. By default, the agreement template appears with the content for the DataRobot Subscription Agreement; you can change some or all of this information to create your custom user agreement.
-
Replace default information as needed to create your custom agreement.
Field Description Title Title for custom user agreement, formatted as plain text (required content; maximum of 200 characters) Body Body content for the agreement; recommended format is HTML (required content; maximum of 200000 characters). If provided as plain text there will be no formatting, including no line breaks. Accept Button Text Label for the Accept button, formatted as plain text (required content; maximum of 30 characters) Decline Button Text Label for the Decline button, formatted as plain text (required content; maximum of 30 characters) -
Click Update to submit the user agreement to DataRobot for immediate use. When successful, you see the message "User agreement was successfully updated." New users configured to see the user agreement will see the updated version when they log in.
Configure SSO SAML¶
Note
Required cluster configuration: "Enable SAML SSO configuration management"
Warning
SSO SAML will be deprecated in an upcoming release. You must configure Enhanced SAML Single Sign-on before DataRobot 7.1. If you need help configuring Enhanced SAML SSO, contact your DataRobot representative.
DataRobot can use external services (Identity Providers, or IdP) for user authentication through Single Sign-On (SSO) technology. DataRobot supports SSO using the SAML (Security Assertion Markup Language) standard protocol. When users log in to a DataRobot cluster configured for SSO, they click a Single Sign-On button which redirects them to the IdP's authentication page. After signing in successfully, users are then redirected to DataRobot.
If supported, configure the identity provider integration settings as follows.
-
Click the profile icon in the top right corner and select APP ADMIN > Manage Users from the dropdown menu.
-
Click Manage SSO and configure the SSO settings described in the table below. When finished, click Create.
| Field | Description |
|---|---|
| Entity Id | Unique identifier. Provided by Identity Provider |
| IdP Metadata URL | Link to XML document with integration specific information |
| Single Sign-On URL | DataRobot URL to redirect user after successful authentication on Identity Provider’s side |
| Single Sign-Out URL | DataRobot URL to redirect user after sign out on Identity Provider’s side |
| Verify IdP Metadata HTTPS Certificate | If selected, the public certificate of the Identity Provider is required |
| User Session Length (sec) | Session cookie expiration time. Default is one month. |
| SP Initiated Method | SAML method used to start authentication negotiation |
| IdP Initiated Method | SAML method used to move user to DataRobot after successful authentication |
| Identity Provider Metadata | XML document with integration specific information (needed if the Identity Provider doesn't provide IdP Metadata URL) |