Set up SAML with OneLogin
SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between an identity provider and a service provider. To read more about SAML, check the dedicated page.
The following is the procedure to set up SAML with OneLogin.
Prerequisite steps in Aiven
1. Log in to the Aiven Console
2. Under Projects in the top left, click the drop-down arrow and then click See All Accounts
3. Click on the Account you want to edit or create a new one
4. Select the Authentication tab
5. Create a new Authentication Method, call it OneLogin (or similar) and then choose the team to add invited people to (or leave it blank)
Setup on OneLogin
1. Enter the OneLogin Administration portal (top right link by your username)
2. Select Applications and then Add App.
3. Search for SAML Custom Connector (Advanced) and select it.
4. Change the Display Name to Aiven, add any other visual configurations you like, and click Save.
OneLogin configuration
1. In the Configuration section of the menu, set the following parameters:

   | Parameter | Value |
   |---|---|
   | ACS URL Validation | `[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)` |
   | ACS URL | the ACS URL displayed in the Aiven authentication method you created |
   | Login URL | https://console.aiven.io |
   | SAML Initiator | Service Provider (or OneLogin if your users will sign in through OneLogin) |
   | SAML nameID format | Email |

2. Click Save
3. In the SSO section of the menu:
   - Set SAML Signature Algorithm to SHA-256
   - View the certificate and copy the contents
   - Copy the Issuer URL and the SAML 2.0 Endpoint (HTTP)
4. Click Save
5. Assign users to this application and head back to Aiven to complete the configuration
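The ACS URL Validation value in the parameter table is a generic URL pattern, so it matches far more than the single ACS URL that Aiven displays. The following added example (not part of the Aiven documentation) compares it with a pattern pinned to one exact ACS URL. The URL `https://sp.example.com/saml/acs/PLACEHOLDER`, the sample URLs, the helper names and the unanchored-search matching are assumptions; substitute the ACS URL shown in your Aiven authentication method.

```python
import re

# Validator value exactly as given in the parameter table.
GENERIC_VALIDATOR = (
    r"[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b"
    r"([-a-zA-Z0-9@:%_\+.~#?&//=]*)"
)

# Placeholder: substitute the ACS URL displayed in your Aiven authentication method.
ACS_URL = "https://sp.example.com/saml/acs/PLACEHOLDER"

# Constructed sample URLs, none of them real endpoints.
SAMPLES = [
    ACS_URL,
    "http://sp.example.com/saml/acs/PLACEHOLDER",               # plain http
    "https://other-host.example.net/saml/acs/PLACEHOLDER",      # different host
    "https://sp.example.com.example.net/saml/acs/PLACEHOLDER",  # lookalike host
    "https://sp.example.com/saml/acs/PLACEHOLDER/extra",        # longer path
]


def pinned_validator(acs_url: str) -> str:
    """Return an anchored pattern that matches only the exact ACS URL."""
    if not acs_url.startswith("https://"):
        raise ValueError("expected an https:// ACS URL")
    # re.escape makes '.', '?' and similar characters literal.
    return "^" + re.escape(acs_url) + "$"


def accepts(pattern: str, url: str) -> bool:
    """Assumption: the validator is applied as an unanchored search."""
    return re.search(pattern, url) is not None


def compare(acs_url: str, samples: list[str]) -> dict[str, tuple[bool, bool]]:
    """Map each sample URL to (generic pattern accepts, pinned pattern accepts)."""
    pinned = pinned_validator(acs_url)
    return {u: (accepts(GENERIC_VALIDATOR, u), accepts(pinned, u)) for u in samples}


if __name__ == "__main__":
    print("pinned validator:", pinned_validator(ACS_URL))
    for url, (generic_ok, pinned_ok) in compare(ACS_URL, SAMPLES).items():
        print(f"generic={generic_ok!s:5} pinned={pinned_ok!s:5} {url}")
```

If you use a pinned pattern, test a service-provider-initiated login afterwards to confirm that OneLogin accepts it.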
Finish the configuration in Aiven
1. In the new authentication method, click Edit next to the SAML configuration
2. Set the SAML IDP URL as the SAML 2.0 Endpoint (HTTP) from OneLogin
3. Set the SAML Entity ID as the Issuer URL from OneLogin
4. Paste the certificate from OneLogin into SAML Certificate
5. Do not enable Enable IdP login unless you set SAML Initiator to OneLogin in your OneLogin application
6. Save that and you are good to go! Make sure the authentication method is enabled. You can then use the Signup URL to invite new people and the Account link URL for those that already have an Aiven login.
Note
You will need to assign users in OneLogin before the connection will work. If you experience errors, try selecting Reapply entitlement Mappings under More Actions in the Settings of your OneLogin App.
If you have issues, you can use the SAML Tracer browser extension to check the process step by step. The errors shown in the tracer should help you debug the issues. If that does not work, you can request help by sending an email to support@Aiven.io.