Single Sign-On
Overview
The Single Sign-On (SSO) feature in Motadata AIOps allows users to log in using external identity providers like OneLogin, Okta, Azure AD, or 1Kosmos. This guide explains how to configure SSO for your Motadata AIOps environment using the supported protocols and identity providers.
Navigation
Go to Menu and select Settings. Then go to User Settings and select Single Sign-On.
Single Sign-On Screen
Choose the Preferred Protocol
- SAML 2.0 is the default protocol for SSO configuration in Motadata AIOps. Select this option if you are using SAML-based authentication.
Service Provider Details
The service provider (SP) represents Motadata AIOps in the SSO process, and the following details must be configured in your identity provider's platform:
Field | Description |
---|---|
Service Provider Entity ID | This is the URL that uniquely identifies Motadata AIOps. For example, this value is mapped to the EntityID in OneLogin. It is set by default but can be edited. The default value is motadata-sp. |
Redirect URL | This URL redirects users to the AIOps login page when accessing the domain. It is non-editable. For example, this value is mapped to the ACS (Consumer) URL in OneLogin. |
Service Provider Login URL | The URL that Motadata AIOps uses for authentication. This is a non-editable field. For example, this value is mapped to the Login URL in OneLogin. |
Service Provider Logout URL | This URL handles sign-out requests from Motadata AIOps. It is non-editable. For example, this value is mapped to the Single Logout URL in OneLogin. |
Identity Provider Details
Motadata AIOps supports integration with the following identity providers (IdP):
OneLogin, Okta, Azure AD, 1Kosmos
When configuring the identity provider, select either Upload Metadata File or Configure Manually to proceed.
If Uploading Metadata File
Field | Description |
---|---|
Identity Provider Metadata File | Upload the metadata file provided by your identity provider to automatically populate the IdP details. This option is only available when you select Upload Metadata File in the previous field. |
If Configuring Manually
When you choose to configure manually, fill in the following fields with the details provided by your identity provider:
Field | Description |
---|---|
Identity Provider Entity ID | This field is used by Motadata AIOps to verify SAML responses from the identity provider. For example, this field can be mapped to the 'Issuer URL' provided by OneLogin. |
Identity Provider Login URL | It directs users to the IdP login page for authentication. For example, this field can be mapped to the SAML 2.0 Endpoint (HTTP) provided by OneLogin. |
Identity Provider Logout URL | This URL handles logout requests initiated from the service provider. For example, this field can be mapped to the 'Single Logout (SLO) Endpoint (HTTP)' provided by OneLogin. |
NameID Format | This field defines how the subject (user) is identified between the service provider and identity provider. Ensure that both SP and IdP use the same NameID format. Supported formats in Motadata AIOps include: Email, Persistent, Transient, and Unspecified. |
IdP X.509 Certificate | You can either manually configure the certificate details or upload the IdP certificate file. The certificate is used to validate the IdP’s digital signature. |
Identity Provider Fingerprint | If configuring manually, find the fingerprint value in the metadata file within the <ds:X509Certificate> tags. You can also upload the certificate directly if available from the IdP. |
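The manual-configuration values above can all be read from the IdP's SAML metadata file. The following added example (not Motadata code) parses a constructed metadata document and extracts them; the `<ds:X509Certificate>` element holds the base64-encoded certificate, and a fingerprint is a hash over its decoded bytes. Assumptions: this page does not state which hash algorithm Motadata AIOps expects, so both SHA-1 and SHA-256 are computed, and `idp.example.com`, the function names and the dictionary keys are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: idp.example.com is made up, and placeholder bytes stand
# in for the DER certificate (wrapped over two lines, as IdPs often emit it).
_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.com/saml/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      {_B64[:32]}
      {_B64[32:]}
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.com/saml/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fingerprint(cert_b64, algo="sha256"):
    """Hash the decoded certificate bytes; return colon-separated upper-case hex."""
    der = base64.b64decode("".join(cert_b64.split()))  # strip line wraps first
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def idp_fields(metadata_xml):
    """Extract the manual-configuration values (first match of each element)."""
    # Only parse metadata obtained from your IdP over a trusted channel.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    cert = idp.find(".//ds:X509Certificate", NS).text
    return {
        "entity_id": root.get("entityID"),
        "login_url": idp.find("md:SingleSignOnService", NS).get("Location"),
        "logout_url": idp.find("md:SingleLogoutService", NS).get("Location"),
        "nameid_format": idp.find("md:NameIDFormat", NS).text.strip(),
        "fingerprint_sha1": fingerprint(cert, "sha1"),
        "fingerprint_sha256": fingerprint(cert),
    }

if __name__ == "__main__":
    for field, value in idp_fields(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

Compare the computed fingerprint with the one your IdP's admin console shows for the same certificate before saving the configuration.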
Saving and Testing the Connection
After completing the required fields, click Save to initiate the connection process. A side pop-up will indicate that the process has started.
- If the connection is successful, you will see the message:
"An integration with identity provider: <IdP> for Single Sign-On is completed successfully."
- If the connection fails, the message will display:
"An integration with identity provider: <IdP> for Single Sign-On failed!"
Once the connection is successful, the SSO configuration will be active, and users can authenticate through the selected IdP. You will also see the import icon under the Users section in User Settings, indicating the integration.
This structured guide provides a clear step-by-step approach for configuring SSO in Motadata AIOps, ensuring users understand both automatic and manual configuration methods for their identity providers.
Importing Users from Identity Providers
Once the SSO integration is successfully established, you can proceed to import users from your chosen identity provider.
To import users, follow the steps below:
Click on the Import Icon
After configuring the SSO settings, navigate to User Settings. Click on the Import icon. This will initiate the user import process.
Choose the Identity Provider
A pop-up will appear, providing options to select the identity provider from which you wish to import users. The supported identity providers include:
- Okta
- OneLogin
- Azure AD
- 1Kosmos
Depending on the identity provider selected, specific configurations and user details will be pulled into Motadata AIOps.
Once authenticated, all users from the configured identity provider who have permission to access Motadata AIOps will be imported into Motadata AIOps.
By following these steps, you can seamlessly integrate your users from external identity providers into Motadata AIOps, ensuring a unified authentication process across your organization.