Single sign-on (SSO) is available to users of the Aqua Advanced and Premier plans.


SAML Setup Overview

Aqua supports single sign-on (SSO) via SAML 2.0, and is compliant with any SAML 2.0-compliant provider. 

To avoid getting locked out of your account, Aqua will configure SAML through a support ticket process. For security purposes, SAML cannot be disabled by your end-users once it is enabled. Though Aqua supports Service Provider-Initiated (SP-I) SSO, we also support an Identity Provider Initiated (IdP-I)-like option.

The SAML setup process follows the following flow:

  1. The user prepares a new application for Aqua in the SAML provider using this information.
  2. The user downloads the XML metadata file associated with this new application.
  3. The user shares the XML file with support by opening a support ticket.
  4. Support will configure SAML on Aqua's side and enable one of the user's accounts for testing
  5. Once the SAML login is confirmed, support will enable the SAML login for all other users

Supported SAML Providers

Aqua supports most any SAML 2.0-compliant provider, including the following (and others):

  • Okta
  • JumpCloud
  • OneLogin
  • Auth0
  • Active Directory
  • Google Apps

Even if you do not see your SAML 2.0-compliant provider in this list, it is probably supported. Please open a support ticket to begin the SAML configuration process.

Disabling SAML

Once enabled, SAML can only be disabled by opening a support ticket with Aqua support.