Configure OneLogin SSO for Distributed Cloud AIP


This page contains information for legacy Threat Stack customers who log into Distributed Cloud AIP using If you log into Distributed Cloud AIP using F5 Distributed Cloud Services (F5XC), see User Management for information about configuring SSO in F5XC using Google, Azure, or Okta.

SAML-based single sign-on (SSO) allows your team members to access F5 Distributed Cloud App Infrastructure Protection (AIP) through an identity provider (IDP) of your choice.

Find a list of the identity providers that Distributed Cloud AIP has partnered with in Configure SSO in Distributed Cloud AIP.

Configuring SAML SSO in OneLogin

  1. Log into OneLogin.
  2. From the Home page, click the Apps tab, then the Add Apps menu option.
  3. Using the Search field, search for "Distributed Cloud AIP".
  4. Select the Distributed Cloud AIP version that supports SAML2.0.1_find_ts.png
  5. On the Configuration tab, click the Save button to add the app to your Company Apps and display additional configuration tabs.2_save_details.png
  6. On the Configuration page, open the SSO tab.3_sso_tab.png
  7. On the SSO tab, download the X.509 Certificate (Public Certificate file). To download the certificate:
  • Click the View Details link. The SAML Cert page displays.4_download.png
  • Click the Download button.5_saml_cert.png
  1. Navigate back to the SSO tab by clicking the <-SAML Cert link.
  2. Copy the two SAML values that you need to provide to Distributed Cloud AIP:
    • Issuer URL - the Identity Provider SAML 2.0 URL in Distributed Cloud AIP
    • SAML 2.0 Endpoint (HTTP) - the Identity Provider Issuer URL in Distributed Cloud AIP


Next time you need to access your Distributed Cloud AIP application, paste the URLs into the Authentication> tab and upload the Public Certificate.

Enter SSO Information in Distributed Cloud AIP

  1. Navigate to the Settings page and open the Authentication tab.TS_Auth_Tab.png
  1. Paste the two SAML values that you copied from OneLogin:
  • Identity Provider SAML 2.0 URL
  • Identity Provider Issuer URL
  1. Upload the X.509 Certificate in the Upload your Public Certificate file section.
  2. Click the Continue button. A confirmation message displays.
  3. Review the confirmation message and click the Proceed and Enable Single Sign-Onbutton.


Before you click the Proceed button: If you or another user uses an email address, such as a personal account, that is not recognized by your company, you will lose access and no longer be able to login to Distributed Cloud AIP after enabling SSO.

  1. Click the Log Out button.
  2. Log back into Distributed Cloud AIP. Authenticate through your organization’s IdP.

Congratulations, you have enabled SSO for your Distributed Cloud AIP organization and authenticated your account. You will receive two follow up emails and your team will receive a notification of SSO enablement for your company.


You and other members of your organization do not have to update your Distributed Cloud AIP accounts until your current session ends. When the current session ends, Distributed Cloud AIP directs you to authenticate using your organization’s IDP the next time you sign in.

Was this article helpful?
0 out of 0 found this helpful