Single Sign-On (SSO) Overview
Single sign-on (SSO) is available to users of the Aqua Advanced and Premier plans.
TABLE OF CONTENTS
SAML Setup Overview
Aqua supports single sign-on (SSO) via SAML 2.0, and is compliant with any SAML 2.0-compliant provider.
To avoid getting locked out of your account, Aqua will configure SAML through a support ticket process. For security purposes, SAML cannot be disabled by your end-users once it is enabled. Though Aqua supports Service Provider-Initiated (SP-I) SSO, we also support an Identity Provider Initiated (IdP-I)-like option.
The SAML setup process follows the following flow:
- The user prepares a new application for Aqua in the SAML provider using this information.
- The user downloads the XML metadata file associated with this new application.
- The user shares the XML file with support by opening a support ticket.
- Support will configure SAML on Aqua's side and enable one of the user's accounts for testing
- Once the SAML login is confirmed, support will enable the SAML login for all other users
Supported SAML Providers
Aqua supports most any SAML 2.0-compliant provider, including the following (and others):
- Okta
- JumpCloud
- OneLogin
- Auth0
- Active Directory
- Google Apps
Even if you do not see your SAML 2.0-compliant provider in this list, it is probably supported. Please open a support ticket to begin the SAML configuration process.
Disabling SAML
Once enabled, SAML can only be disabled by opening a support ticket with Aqua support.
Did you find it helpful? Yes No
Send feedback