Can I give users multiple ways to authenticate to a repository?

Yes. You can set a repository to allow both SSO authentication and native authentication. SSO authentication relies on your identity provider (IdP) platform; native authentication uses credentials defined in the database or repository system itself. What you cannot do is set a single repository to give users the choice of multiple SSO platforms; that is, there is a limit of one IdP system per repository.


When you add SSO authentication to a repository, you can keep support for native authentication as follows:

  1. In the Cyral control plane UI, select the repository.
  2. In the Advanced tab, choose your IdP integration (for example, Okta or G Suite) as the Identity provider from the drop-down.
  3. Select the checkbox Allow native authentication.

For more configuration information, see Set the identity provider for the repository.


Once you've made the settings above, your users can connect to the repository using their SSO credentials or using a native repository account:

  • To connect as an SSO user, the person logging in must prefix their username with the string idp: in the connection string. That is, if connecting as the SSO user, userid has to be provided as
  • To connect with native credentials, the user just provides their userid and credentials as defined in the database system or repository. There is no need for any prefix in the connection string. For example, the credentials portion of a MongoDB login might look like: --username frankhardy --password V8j^5+k_aW

For more login instructions, see Connect to a repository.
