SAML-based single sign-on (SSO) allows your team members to access App Infrastructure Protection (AIP) through an identity provider (IDP) of your choice.
A list of the identity providers that we’ve partnered with can be found in How To Configure SSO.
Configuring SAML SSO in OneLogin
- Log into AIP.
- From the Home page, click the Apps tab, then the Add Apps menu option.
- Using the Search field, search for "AIP".
- Select the AIP version that supports SAML2.0.
- On the Configuration tab, click the Save button to add the app to your Company Apps and display additional configuration tabs.
- On the Configuration page, open the SSO tab.
- On the SSO tab, download the X.509 Certificate (Public Certificate file). To download the certificate:
  - Click the View Details link. The SAML Cert page displays.
  - Click the Download button.
  - Navigate back to the SSO tab by clicking the <-SAML Cert link.
- Copy the two SAML values that you need to provide to AIP:
  - Issuer URL - the Identity Provider SAML 2.0 URL in AIP
  - SAML 2.0 Endpoint (HTTP) - the Identity Provider Issuer URL in AIP
Next time you need to access your AIP application, paste the URLs into the Authentication tab and upload the Public Certificate.
Enter SSO Information in AIP
- Navigate to the Settings page and open the Authentication tab.
- Paste the two SAML values that you copied from OneLogin:
  - Identity Provider SAML 2.0 URL
  - Identity Provider Issuer URL
- Upload the X.509 Certificate in the Upload your Public Certificate file section.
- Click the Continue button. A confirmation message displays.
- Review the confirmation message and click the Proceed and Enable Single Sign-On button.
Before you click the Proceed button: If you or another user uses an email address, such as a personal account, that is not recognized by your company, you will lose access and no longer be able to log in to AIP after enabling SSO.
- Click the Log Out button.
- Log back into AIP. Authenticate through your organization’s IDP.
Congratulations, you have enabled SSO for your AIP organization and authenticated your account. You will receive two follow-up emails, and your team will receive a notification of SSO enablement for your company.
You and other members of your organization do not have to update your AIP accounts until your current session ends. When the current session ends, AIP directs you to authenticate using your organization’s IDP the next time you sign in.
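An added example, not part of the AIP or OneLogin documentation: a pre-flight check for the lockout warning above that lists AIP accounts whose email address has no matching user in the IDP. The CSV layout (a single `email` column), the sample addresses and `COMPANY_DOMAINS` are constructed assumptions, as is reading "recognized by your company" to mean "present in the IDP".

```python
import csv
import io

# Constructed sample exports (assumed format: CSV with an "email" column).
AIP_USERS_CSV = """email
alice@example.com
Bob@Example.com
carol@personal-mail.example
dave@example.com
"""
IDP_USERS_CSV = """email
alice@example.com
bob@example.com
erin@example.com
"""
COMPANY_DOMAINS = {"example.com"}  # assumed: domains managed by your IDP


def load_emails(csv_text):
    """Return the set of trimmed, lower-cased addresses in the email column."""
    emails = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = (row.get("email") or "").strip().lower()
        if email:
            emails.add(email)
    return emails


def lockout_report(aip_csv, idp_csv, company_domains):
    """Classify AIP accounts that have no matching IDP user."""
    aip, idp = load_emails(aip_csv), load_emails(idp_csv)
    report = {"outside_company_domain": [], "missing_from_idp": []}
    for email in sorted(aip - idp):
        domain = email.rpartition("@")[2]
        if domain in company_domains:
            # Company address without an IDP user: provisioning gap.
            report["missing_from_idp"].append(email)
        else:
            # Personal or external address: the case the warning describes.
            report["outside_company_domain"].append(email)
    return report


if __name__ == "__main__":
    result = lockout_report(AIP_USERS_CSV, IDP_USERS_CSV, COMPANY_DOMAINS)
    for reason, emails in result.items():
        print(f"{reason}: {', '.join(emails) or 'none'}")
```

Run it against real exports before clicking Proceed and Enable Single Sign-On; an empty report in both categories means every AIP account maps to an IDP user.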