OIDC Setup Instructions
Background
Aqua supports OIDC single sign-on (SSO) with any OIDC-compatible provider. The sections below describe how to request an OIDC sign-in integration.
IdP OIDC setup
Your IdP may require some or all of these settings:
| Setting | Value |
| --- | --- |
| OIDC Redirect URL (US) | https://cloudsploit.auth.us-east-1.amazoncognito.com/oauth2/idpresponse |
| OIDC Redirect URL (asia-1) | https://auth-sg-prod.auth.ap-southeast-1.amazoncognito.com/oauth2/idpresponse |
| OIDC Redirect URL (asia-2) | https://auth-kr-prod.auth.ap-northeast-2.amazoncognito.com/oauth2/idpresponse |
| OIDC Redirect URL (eu-1) | https://auth-eu-prod.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse |
| OIDC Attributes | email. Note: This attribute must be set and mapped to the user's email address. |
| Scopes | openid email profile |
The OIDC Redirect URLs are specific to each Aqua environment. If you are using an environment that isn't listed above, this document needs to be updated to include the details for that specific environment.
Settings to provide to Aqua
Once you have configured the OIDC IdP, you need to provide the following settings to Aqua via a support ticket:
- Client ID
- Client Secret
- Issuer URL
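A pre-flight check for the settings above, as an added example (not Aqua's code): it compares a copy of the IdP's OIDC discovery metadata and the client's registered redirect URLs against the table on this page before the ticket is opened. The function name `preflight`, the `idp.example.com` issuer and the sample metadata are constructed for illustration.

```python
from urllib.parse import urlsplit

# Values copied from the settings table on this page.
REQUIRED_SCOPES = {"openid", "email", "profile"}
REDIRECT_URLS = {
    "US": "https://cloudsploit.auth.us-east-1.amazoncognito.com/oauth2/idpresponse",
    "asia-1": "https://auth-sg-prod.auth.ap-southeast-1.amazoncognito.com/oauth2/idpresponse",
    "asia-2": "https://auth-kr-prod.auth.ap-northeast-2.amazoncognito.com/oauth2/idpresponse",
    "eu-1": "https://auth-eu-prod.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse",
}

def preflight(issuer_url, discovery, registered_redirects, region):
    """Return (errors, warnings) for an IdP client before the ticket is opened."""
    errors, warnings = [], []
    # The issuer in the metadata must be identical to the Issuer URL handed over.
    if discovery.get("issuer") != issuer_url:
        errors.append("issuer mismatch: %r != %r" % (discovery.get("issuer"), issuer_url))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key, "")).scheme != "https":
            errors.append("%s missing or not https" % key)
    # Both *_supported fields are optional metadata: absent means "check by hand".
    for field, needed in (("scopes_supported", REQUIRED_SCOPES),
                          ("claims_supported", {"email"})):
        if field not in discovery:
            warnings.append("%s not published; confirm manually" % field)
            continue
        missing = needed - set(discovery[field])
        if missing:
            errors.append("%s lacks: %s" % (field, " ".join(sorted(missing))))
    # Redirect URLs are matched as exact strings (trailing slash or wrong region fails).
    if REDIRECT_URLS[region] not in registered_redirects:
        errors.append("redirect URL for %s is not registered exactly" % region)
    extra = sorted(set(registered_redirects) - set(REDIRECT_URLS.values()))
    if extra:
        warnings.append("unexpected redirect URLs: " + ", ".join(extra))
    return errors, warnings

# Constructed sample input for a hypothetical IdP (idp.example.com).
SAMPLE_ISSUER = "https://idp.example.com/tenant1"
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com/tenant1/",  # trailing slash differs
    "authorization_endpoint": "https://idp.example.com/tenant1/authorize",
    "token_endpoint": "https://idp.example.com/tenant1/token",
    "jwks_uri": "https://idp.example.com/tenant1/jwks",
    "scopes_supported": ["openid", "profile"],  # email scope not offered
}
SAMPLE_REDIRECTS = [REDIRECT_URLS["eu-1"] + "/"]  # stray trailing slash
RESULT = preflight(SAMPLE_ISSUER, SAMPLE_DISCOVERY, SAMPLE_REDIRECTS, "eu-1")
print(*RESULT[0], *RESULT[1], sep="\n")
```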
Next steps
After opening a support ticket with the above details, Aqua will configure our integration and provide an SSO URL for testing. If it works, we can then enable the OIDC integration for all users in your account.