TABLE OF CONTENTS
Introduction
Aqua CSPM supports single sign-on via SAML 2.0 and is compliant with any SAML 2.0-compliant provider. Enabling SAML involves a process between the user and support.
SAML setup overview
To avoid getting locked out of your account, the Aqua will configure SAML through a support ticket process. For security purposes, SAML cannot be disabled by your end-users once it is enabled. Though Aqua supports Service Provider-Initiated (SP-I) SSO, we also support an Identity Provider Initiated (IdP-I)-like option.
The SAML setup process follows the following flow:
- The user prepares a new application for Aqua in the SAML provider using the information here.
- The user downloads the XML metadata file associated with this new application.
- The user shares the XML file with support by opening a support ticket.
- Support will configure SAML on Aqua's side and enable one of the user's accounts for testing
- Once the SAML login is confirmed, support will enable the SAML login for all other users
Supported SAML providers
Aqua supports any SAML 2.0-compliant provider, including:
- Okta
- JumpCloud
- OneLogin
- Auth0
- Active Directory
- Google Apps
- ...many others
If you do not see your provider on the list, it is likely still supported, as long as it is SAML 2.0-compliant. Please open a support ticket to begin the SAML configuration process.
Disabling SAML
Once enabled, SAML can only be disabled by opening a support ticket with Aqua support.