Set up SAML with OneLogin#
This article explains how to set up SAML with OneLogin for an organization in Aiven. For more information on SAML and instructions for other identity providers, see the Set up SAML authentication article.
Prerequisite steps in Aiven Console#
In the organization, click Admin.
Click Add authentication method.
Enter a name and select SAML. You can also select the groups that users will be added to when they sign up or log in through this authentication method.
You are shown two parameters needed to set up the SAML authentication in OneLogin:
Configure SAML on OneLogin#
Log in to the OneLogin Admin console.
Select Applications and click Add App.
Search for SAML Custom Connector (Advanced) and select it.
Change the Display Name to
Add any other visual configurations you want and click Save.
In the Configuration section of the menu, set the following parameters:
ACS URL Validation
ACS URLfrom Aiven Console
OneLoginif your users will sign in through OneLogin)
SAML nameID format
In the SSO section of the menu, set SAML Signature Algorithm to
Copy the certificate content,
SAML 2.0 Endpoint (HTTP). These are needed for the SAML configuration in Aiven Console.
Assign users to this application.
Finish the configuration in Aiven#
Go back to the Authentication page in Aiven Console to enable the SAML authentication method:
Select the name of the OneLogin method that you created.
In the SAML configuration section, click Edit.
Add the configuration settings from OneLogin:
SAML IDP URLto the
SAML 2.0 Endpoint (HTTP)from OneLogin.
SAML Entity IDto the
Issuer URLfrom OneLogin.
Paste the certificate from OneLogin into
If you set
OneLoginin your OneLogin application, then toggle on
Toggle on Enable authentication method at the top of the page.
In the Signup and link accounts URLs section, copy the appropriate link and send it to your users to switch them to the new IdP:
Signup URL: For users that don’t have an Aiven user account and need to create a new Aiven user linked to this IdP.
Account link URL: For users that already have an Aiven user account to link their existing Aiven user with the configured IdP.
If you set up a SAML authentication method before and are now switching to a new IdP, existing users need to log in with the new account link URL to finish the setup.
If you are getting errors, try this:
Go to the app in OneLogin and click Settings.
Under More Actions, select Reapply entitlement Mappings.
If you continue to have issues, you can use the SAML Tracer browser extension to check the process step by step.