Background

Aqua supports OIDC single sign-on (SSO) with any OIDC-compatible provider. The information below describes how to request an OIDC sign-in integration.


IdP OIDC setup

Your IdP may require some or all of these settings:


| Setting | Value |
|---|---|
| OIDC Redirect URL (US) | https://cloudsploit.auth.us-east-1.amazoncognito.com/oauth2/idpresponse |
| OIDC Redirect URL (asia-1) | https://auth-sg-prod.auth.ap-southeast-1.amazoncognito.com/oauth2/idpresponse |
| OIDC Redirect URL (asia-2) | https://auth-kr-prod.auth.ap-northeast-2.amazoncognito.com/oauth2/idpresponse |
| OIDC Redirect URL (eu-1) | https://auth-eu-prod.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse |
| OIDC Attributes | email (Note: This attribute must be set and mapped to the user's email address.) |
| Scopes | openid email profile |


The OIDC Redirect URLs are specific to each Aqua environment. If you are using an environment that isn't listed above, this document needs to be updated to include the details for that specific environment.


Settings to provide to Aqua

Once you have configured the OIDC IdP, you need to provide the following settings to Aqua via a support ticket:

  1. Client ID
  2. Client Secret
  3. Issuer URL
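
A pre-ticket check for the setup above, as an added example that is not Aqua's own tooling: it compares an IdP's OIDC discovery document and registered redirect URLs against the values on this page. The function name, the sample document and idp.example.com are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Redirect URLs from the table on this page, keyed by Aqua environment.
AQUA_REDIRECT_URLS = {
    "US": "https://cloudsploit.auth.us-east-1.amazoncognito.com/oauth2/idpresponse",
    "asia-1": "https://auth-sg-prod.auth.ap-southeast-1.amazoncognito.com/oauth2/idpresponse",
    "asia-2": "https://auth-kr-prod.auth.ap-northeast-2.amazoncognito.com/oauth2/idpresponse",
    "eu-1": "https://auth-eu-prod.auth.eu-central-1.amazoncognito.com/oauth2/idpresponse",
}
REQUIRED_SCOPES = {"openid", "email", "profile"}

# Constructed sample discovery document (idp.example.com is a placeholder, not a real IdP).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
    "scopes_supported": ["openid", "profile"],  # 'email' deliberately missing
    "claims_supported": ["sub", "email"],
}


def check_idp_setup(issuer_url, discovery, registered_redirects, environment):
    """Return a list of problems; an empty list means the setup matches this page."""
    problems = []
    if urlsplit(issuer_url).scheme != "https":
        problems.append("Issuer URL must use https")
    # OIDC Discovery requires the document's issuer to equal the configured one exactly.
    if discovery.get("issuer") != issuer_url:
        problems.append("discovery 'issuer' differs from the Issuer URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not discovery.get(key):
            problems.append(f"discovery document lacks {key}")
    # scopes_supported and claims_supported are optional; judge them only when present.
    scopes = discovery.get("scopes_supported")
    if scopes is not None:
        for scope in sorted(REQUIRED_SCOPES - set(scopes)):
            problems.append(f"scope not offered by IdP: {scope}")
    claims = discovery.get("claims_supported")
    if claims is not None and "email" not in claims:
        problems.append("IdP does not list the 'email' claim")
    expected = AQUA_REDIRECT_URLS.get(environment)
    if expected is None:
        problems.append(f"environment not listed on this page: {environment}")
    elif expected not in registered_redirects:
        # Redirect URIs are matched as exact strings, so a trailing slash breaks the match.
        problems.append("redirect URL for this environment is not registered exactly")
    return problems
```

The discovery document is the JSON served at the Issuer URL followed by `/.well-known/openid-configuration`; load it and pass it in place of `SAMPLE_DISCOVERY`.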


Next steps

After opening a support ticket with the above details, Aqua will configure our integration and provide an SSO URL for testing. If it works, we can then enable the OIDC integration for all users in your account.