Set up SAML with OneLogin
SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between an identity provider and a service provider. To read more about SAML, see the dedicated page.
The following procedure sets up SAML with OneLogin.
Prerequisite steps in Aiven
1. Log in to the Aiven Console
2. Under Projects in the top left, click the drop-down arrow and then See All Accounts
3. Click the Account you want to edit, or create a new one
4. Select the Authentication tab
5. Create a new Authentication Method, call it OneLogin (or similar), and then choose the team to add invited people to (or leave it blank)
Setup on OneLogin
Open the OneLogin Administration portal (top right link by your username)
Select Applications and then Add App.
Search for SAML Custom Connector (Advanced) and select it.
Change the Display Name to Aiven, add any other visual configurations you like, and click Save.
In the Configuration section of the menu, set the following parameters:
ACS URL Validation
ACS URL displayed in the Aiven authentication method you created
OneLogin if your users will sign in through OneLogin)
SAML nameID format
In the SSO section of the menu:
SAML Signature Algorithm to
View the certificate and copy the contents
Issuer URL and the SAML 2.0 Endpoint (HTTP)
Assign users to this application and head back to Aiven to complete the configuration
Finish the configuration in Aiven
In the new authentication method, click Edit next to the SAML configuration
SAML IDP URL as the SAML 2.0 Endpoint (HTTP) from OneLogin
SAML Entity ID as the Issuer URL from OneLogin
Paste the certificate from OneLogin into
Do not enable Enable IdP login unless you set
OneLogin in your OneLogin application
Save that and you are good to go! Make sure the authentication method is enabled and you can then use the Signup URL to invite new people and Account link URL for those that already have an Aiven login.
You will need to assign users in OneLogin before the connection will work. If you experience errors, try selecting Reapply entitlement Mappings under More Actions in the Settings of your OneLogin App.
If you have issues, you can use the SAML Tracer browser extension to check the process step by step. The errors shown in the tracer should help you to debug the issues. If it does not work, you can request help by sending an email to support@Aiven.io.
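When a sign-in fails, the base64 SAMLResponse captured with SAML Tracer can be compared against the values entered on both sides: the Issuer should equal the SAML Entity ID, and the Destination should equal the ACS URL. The following is an added example, not code from Aiven or OneLogin; the function name `check_saml_response`, the `example.test` hosts and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample response (placeholder hosts, no real signature value).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="https://sp.example.test/acs">
<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
<saml:Assertion><saml:Issuer>https://idp.example.test/issuer</saml:Issuer>
<ds:Signature><ds:SignedInfo><ds:SignatureMethod
 Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></ds:SignedInfo></ds:Signature>
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
 >user@example.test</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def check_saml_response(b64_response, expected_issuer, expected_acs_url):
    """Compare a captured SAMLResponse with the values configured on both sides.
    Diagnostic only: the XML signature is NOT verified here."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations do not belong in a SAML message")
    root = ET.fromstring(raw)
    issuer = root.findtext(".//saml:Assertion/saml:Issuer", default="", namespaces=NS).strip()
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    sig_algs = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    status = root.find("./samlp:Status/samlp:StatusCode", NS)
    findings = []
    if status is None or not status.get("Value", "").endswith(":Success"):
        findings.append("status is not Success")
    if issuer != expected_issuer:
        findings.append(f"Issuer {issuer!r} != configured SAML Entity ID {expected_issuer!r}")
    if root.get("Destination") != expected_acs_url:
        findings.append(f"Destination {root.get('Destination')!r} != ACS URL {expected_acs_url!r}")
    if not sig_algs:
        findings.append("no ds:Signature in the response")
    return {"issuer": issuer, "destination": root.get("Destination"),
            "name_id_format": None if name_id is None else name_id.get("Format"),
            "signature_algorithms": sig_algs, "findings": findings}


if __name__ == "__main__":
    print(check_saml_response(SAMPLE_B64, "https://idp.example.test/issuer",
                              "https://sp.example.test/acs"))
```

The returned `name_id_format` and `signature_algorithms` show what the identity provider actually sent, so they can be compared with the SAML nameID format and SAML Signature Algorithm chosen in the OneLogin application.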