Single sign on is available to users of the Aqua Advanced and Premier plans.
Aqua supports single sign-on via SAML 2.0 and is compliant with any SAML 2.0-compliant provider. Enabling SAML involves a process between the user and support.
TABLE OF CONTENTS
SAML Setup Overview
To avoid getting locked out of your account, Aqua will configure SAML through a support ticket process. For security purposes, SAML cannot be disabled by your end-users once it is enabled. Though Aqua supports Service Provider-Initiated (SP-I) SSO, we also support an Identity Provider Initiated (IdP-I)-like option.
The SAML setup process follows the following flow:
- The user prepares a new application for Aqua in the SAML provider using the information here.
- The user downloads the XML metadata file associated with this new application.
- The user shares the XML file with support by opening a support ticket.
- Support will configure SAML on Aqua's side and enable one of the user's accounts for testing
- Once the SAML login is confirmed, support will enable the SAML login for all other users
Supported SAML Providers
Aqua supports any SAML 2.0-compliant provider, including:
- Okta
- JumpCloud
- OneLogin
- Auth0
- Active Directory
- Google Apps
- ...many others
Disabling SAML
Once enabled, SAML can only be disabled by opening a support ticket with Aqua support.