Skip to content

Authentication and access control

Authentication and access control are fundamental aspects of any cloud-based platform, ensuring that only authorized users can access resources and data. In the Data Productivity Cloud environment, robust authentication mechanisms and access control measures are implemented to safeguard sensitive information and maintain security.


User authentication

Username/password

The Data Productivity Cloud supports traditional username/password authentication. Users authenticate by providing their unique username and a secure password.

Multi-factor authentication (MFA)

The Data Productivity Cloud offers Multi-Factor authentication. Users are required to provide additional verification, such as a one-time code from a mobile app, in addition to their credentials. Enabling this feature is recommended for added security. Data Productivity Cloud supports integration with various MFA providers for additional security measures. We highly recommend all users use multi-factor authentication.

Integration with identity providers

The Data Productivity Cloud seamlessly integrates with identity providers such as Okta, supporting both SAML and OpenID protocols for Single Sign-On (SSO) functionality. With SSO integration, users can utilize their existing organizational credentials for authentication, simplifying access to the Matillion platform.

Single Sign-On (SSO) integration

The Data Productivity Cloud supports Single Sign-On (SSO) integration, offering a streamlined approach to user authentication and access management. SSO enhances user experience, security, and administrative efficiency by allowing users to access Matillion using their existing credentials from an identity provider (IdP).

Supported login methods

Matillion offers three different ways to log in:

  1. Username/password: Traditional username/password authentication method.
  2. Social login: Users can log in using their Google or Microsoft accounts.
  3. Enterprise login (SSO): Supported by OIDC and SAML protocols via identity providers like Okta, Entra, Keycloak, etc.

Authentication and access control flow


API token management

The Data Productivity Cloud utilizes tokens for API access. Tokens are generated during the authentication and authorization process, where users request an API token using their Client ID and Client Secret. These tokens have a set expiration time to uphold security measures.

To maintain a balance between security and usability, the platform offers mechanisms for token renewal or regeneration. These functionalities ensure that users can continue their activities seamlessly while upholding stringent security protocols.

Token generation

Users will need to request an API token using their Client ID and Client Secret as part of the authentication process, which is detailed in the authentication documentation.

Expiration and renewal

Tokens within the Data Productivity Cloud have a set expiration time to uphold security measures. To maintain a balance between security and usability, the platform offers mechanisms for token renewal or regeneration. These functionalities ensure that users can continue their activities seamlessly while upholding stringent security protocols. You can refer to the documentation for more information.

  • For users authenticating with and using the Data Productivity Cloud, ID tokens last for 10 hours.
  • For the Data Productivity Cloud API, access tokens last for 24 hours.