SAML setup overview

Aqua supports single sign-on (SSO) via SAML 2.0, and is compliant with any SAML 2.0-compliant provider. 

To prevent you from getting locked out of your account, Aqua will configure SAML through a support ticket process. For security purposes, SAML cannot be disabled by your end-users once it is enabled. Aqua supports both Service Provider-Initiated (SP-I) SSO and an Identity Provider Initiated (IdP-I)-like option.

The SAML setup process is as follows:

  1. The user prepares a new application for Aqua in the SAML provider using the SAML Setup Instructions.
  2. The user downloads the XML metadata file associated with this new application.
  3. The user opens a support ticket to share the XML file with Aqua Support.
  4. Aqua Support configures SAML on Aqua Platform and enables one of the user accounts for testing.
  5. Once SAML login has been confirmed, Aqua Support enables SAML login for all other users.

Supported SAML providers

Aqua supports most any SAML 2.0-compliant provider, including the following (and others):

  • Okta
  • JumpCloud
  • OneLogin
  • Auth0
  • Active Directory
  • Google Apps

Even if you do not see your SAML 2.0-compliant provider in this list, it is probably supported. Please open a support ticket to begin the SAML configuration process.

Disabling SAML

Once enabled, SAML can be disabled only by opening a support ticket with Aqua Support.