Skip to main content

IDP Management

The IDP Management page lets you create and manage user groups in external identity providers (IdPs) such as Okta and Keycloak, and view your SAML configuration details.

Click IDP Management on the left-navigation bar to open the IDP Management page.

Visibility

The IDP Management page is available under Environment management only for environments that use their own external IdPs. If your environment has no external IdPs configured, the IDP Management option will appear in the navigation but cannot be accessed.

IDP Management page

The IDP Management page includes the following sections:

  1. SAML type configuration information
  2. Create Group section
  3. Configured Groups section

SAML configuration information

The SAML configuration section shows read-only metadata about your current SAML IdP configuration. Use this section to verify that Admin Center settings match your IdP setup.

This section displays:

  • SAML Type (for example, SAML 2.0)
  • URL fields (such as SSO URL or metadata URL)
  • Destination details
  • Audience
  • HREFs for certificates and other SAML attributes

SAML configuration section

Note

The values are read-only and cannot be modified from Admin Center.

Create Groups

Using Create Group, you can add new user groups to your organization. These groups correspond to groups defined in your IdP (for example, Okta or Keycloak) and can be used to assign permissions for users within your H2O AI Managed Cloud environment.

How group naming works

When you create a group:

  • You enter only the logical group name. For example: data_science.
  • H2O automatically prefixes the name with h2o-<environment-id>- (H2O-dash-environment-ID).
  • You do not need to type the prefix.

For example, if you enter data_science, the stored group name might be h2o-1234-data_science, where 1234 is your environment ID.

Create one or more groups

To create groups:

  1. In the Create Group section, enter one or more group names.
  2. Separate multiple groups with commas. For example: data_science, analytics_team.
  3. Click Create Group.

Create group

note

Group names cannot contain spaces. Use hyphens or underscores instead.

When you click Create Group:

  • Each comma-separated value becomes a new group.
  • The system applies the h2o-<environment-id>- prefix to each group automatically.
  • Newly created groups appear in the Configured Groups section.
  • Admin Center saves mappings for these group names. It does not create or modify groups inside Okta or Keycloak.

Configured Groups

The Configured Groups section lists all user-created IDP groups for the current environment. Use this section to review existing groups and remove groups that are no longer needed.

This section shows:

  • All groups created through the Create Group section.
  • Group identifiers with the automatic h2o-<environment-id>- prefix.

Manage individual or bulk groups

You can remove a single group or multiple groups when they are no longer required:

  1. Select the group(s) in the list.
  2. Click Delete Selection for the group(s).

Delete group

note
  • The group is removed from the list.
  • Users mapped only to that group lose access associated with that group.
Feedback