Metabase

Connect Ploy to Metabase to automatically manage user access and lifecycle. Ploy reads your Metabase user directory—emails, names, active status, and permissions—to enforce governance policies.

Before you begin: You'll need admin access to your Metabase instance to create an API key.

What Ploy needs

Instance URL — the full base URL of your Metabase instance (e.g. https://metabase.company.com)
API Key — prefixed with mb_..., assigned to the Administrators group

Create an API key in Metabase

Go to Admin Settings > Authentication > API Keys
Click Create API Key
Give it a descriptive name (e.g. "Ploy Integration")
Assign it to the Administrators group—Ploy's connection test requires admin-level access to /api/user/current
Copy the mb_... key—it's only shown once

Network access for self-hosted instances

If you're running Metabase on your own infrastructure:

Ploy's servers need HTTPS access (port 443) to your Metabase instance
The URL must be publicly reachable or reachable from Ploy's infrastructure
If behind a VPN or firewall, allowlist Ploy's IPs (contact support for the current list)

This applies to both Metabase Cloud and self-hosted deployments. No OAuth or SAML configuration required—Ploy uses only API key authentication.

What Ploy reads

Ploy accesses only user management endpoints:

User directory: email, name, active status, superuser flag, last login, join date
Not accessed: questions, dashboards, databases, or query results

Once connected, Ploy will sync your Metabase users and begin tracking access for governance and compliance workflows.

Was this helpful?