AgileData.io Docs
Table Of Contents

2026-05-13 - New Centralised Identity Server: Single Sign-On for All Tenants

Release

AgileData.io - One Login Page for Everyone: Centralised Identity and MCP Authentication

AgileData now has a dedicated identity service that provides a single, consistent login experience for all tenant projects — and serves as the OAuth 2.0 authorisation server that enables AI tools like Claude and Azure Copilot Studio to authenticate with your data platform.

Previously, login was handled separately for each tenant project. The new identity service centralises this: when users navigate to any AgileData tenant application, they are redirected to a single branded login page. The page recognises their tenant, personalises the experience, and handles authentication — then hands them back to their specific application.

The identity service supports Google sign-in (via Google Cloud IAP and Firebase) and Microsoft sign-in (via SAML/Entra ID), making it compatible with both Google Workspace and Microsoft 365 organisations. Microsoft group memberships from Entra flow automatically into AgileData’s access control system, so your existing Entra groups can govern who sees what in the data catalog.

The identity service also acts as a full OAuth 2.0 authorisation server for programmatic clients. AI tools — including Claude Desktop, Claude Code, and Azure Copilot Studio — can now authenticate to AgileData by going through a standard OAuth flow. The AI tool discovers the endpoints, registers itself, walks the user through a browser-based Google login, and receives a token it can use to call AgileData APIs. Tokens are refreshed automatically so sessions stay alive without repeated logins.

What’s New:

  • Centralised login page served from a single deployment for all AgileData tenants

  • Google sign-in via server-side IAP/GCIP flow (no cross-origin redirect issues)

  • Microsoft sign-in via SAML (Entra ID / Azure AD) with optional per-tenant configuration

  • Entra group memberships flow into AgileData access control automatically on login

  • OAuth 2.0 authorisation server for programmatic MCP clients (RFC 6749 + RFC 7591)

  • Firebase refresh tokens stored encrypted (AES-256-GCM) in Firestore for seamless token refresh

  • Access control enforced at the IAP layer — “no access” shown clearly before entering the app

  • saml_enabled flag per tenant controls whether the Microsoft sign-in button is shown
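
The encrypted refresh-token storage listed above, shown as an added example; this is not AgileData's code. It assumes Node.js, and the function names, the document field names (nonce, tag, ciphertext) and the tenant/client binding are hypothetical choices made for illustration.

```javascript
// Added example (not AgileData's code): AES-256-GCM sealing of a refresh token
// before it is written to a document store. All names here are hypothetical.
const crypto = require('node:crypto');

// Bind the ciphertext to the record it belongs to. GCM authenticates this
// value without encrypting it, so a blob copied into another tenant's or
// client's record fails to decrypt.
function recordAad(tenantId, clientId) {
  return Buffer.from(JSON.stringify(['refresh-token-v1', tenantId, clientId]), 'utf8');
}

function sealRefreshToken(key, tenantId, clientId, refreshToken) {
  if (key.length !== 32) throw new Error('AES-256 needs a 32-byte key');
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce; never reuse one with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(recordAad(tenantId, clientId));
  const ct = Buffer.concat([cipher.update(refreshToken, 'utf8'), cipher.final()]);
  // Nonce and tag are not secret, but all three fields are needed to decrypt.
  return {
    nonce: nonce.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ct.toString('base64'),
  };
}

function openRefreshToken(key, tenantId, clientId, doc) {
  const tag = Buffer.from(doc.tag, 'base64');
  if (tag.length !== 16) throw new Error('unexpected tag length'); // reject truncated tags
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(doc.nonce, 'base64'));
  decipher.setAAD(recordAad(tenantId, clientId));
  decipher.setAuthTag(tag);
  // final() throws if the key, nonce, AAD, tag or ciphertext do not match.
  return Buffer.concat([
    decipher.update(Buffer.from(doc.ciphertext, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Returns null instead of throwing, for callers that fall back to a new login.
function tryOpen(key, tenantId, clientId, doc) {
  try { return openRefreshToken(key, tenantId, clientId, doc); } catch { return null; }
}
```

The key belongs in a secret manager or KMS rather than beside the ciphertext; the page does not say how AgileData manages its key.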

What this means for you:

  • A consistent, branded login experience across all your AgileData environments

  • Microsoft (Entra/Azure AD) users can now sign in alongside Google users

  • Your Entra security groups govern access automatically — no separate user management in AgileData

  • AI tools like Claude and Azure Copilot Studio authenticate with a standard OAuth flow — no manual token management

  • Onboarding a new tenant project is faster and more reliable with automated IAP setup

Last Refreshed

Doc Refreshed: 2026-05-13