
Single Sign-On

Overview

The Single Sign-On (SSO) feature in Motadata ObserveOps (formerly known as AIOps) allows users to log in using external identity providers like OneLogin, Okta, Azure AD, or 1Kosmos. This guide explains how to configure SSO for your Motadata ObserveOps environment using the supported protocols and identity providers.

Go to Menu and select Settings. Then go to User Settings and select Single Sign-On.

Single Sign-On Screen

Service Provider Details

The service provider (SP) represents Motadata ObserveOps in the SSO process, and the following details must be configured in your identity provider's platform:

| Field | Description |
| --- | --- |
| Service Provider Entity ID | This is the URL that uniquely identifies Motadata ObserveOps. For example, this value is mapped to the EntityID in OneLogin. It is set by default but can be edited. The default value is motadata-sp. |
| Redirect URL | This URL redirects users to the ObserveOps login page when accessing the domain. It is non-editable. For example, this value is mapped to ACS (Consumer) URL in OneLogin. |
| Service Provider Login URL | The URL that Motadata ObserveOps uses for authentication. This is a non-editable field. For example, this value is mapped to the Login URL in OneLogin. |
| Service Provider Logout URL | This URL handles sign-out requests from Motadata ObserveOps. It is non-editable. For example, this value is mapped to Single Logout URL in OneLogin. |

Identity Provider Details

Motadata ObserveOps supports integration with the following identity providers (IdP):
OneLogin, Okta, 1Kosmos, Azure AD, Other

When configuring the identity provider, select either Upload Metadata File or Configure Manually as Identity Provider Configuration to proceed.

If you select Other as the Identity Provider, enter the specific Identity Provider Name.

If Uploading Metadata File

| Field | Description |
| --- | --- |
| Identity Provider Metadata File | Upload the metadata file provided by your identity provider to automatically populate the IdP details. This option is only available when you select Upload Metadata File in the previous field. |

If Configuring Manually

When you choose to configure manually, fill in the following fields with the details provided by your identity provider:

| Field | Description |
| --- | --- |
| Identity Provider Entity ID | This field is used by Motadata ObserveOps to verify SAML responses from the identity provider. For example, this field can be mapped to the 'Issuer URL' provided by OneLogin. |
| Identity Provider Login URL | It directs users to the IdP login page for authentication. For example, this field can be mapped to the SAML 2.0 Endpoint (HTTP) provided by OneLogin. |
| Identity Provider Logout URL | This URL handles logout requests initiated from the service provider. For example, this field can be mapped to the 'Single Logout (SLO) Endpoint (HTTP)' provided by OneLogin. |
| NameID Format | This field defines how the subject (user) is identified between the service provider and identity provider. Ensure that both SP and IdP use the same NameID format. Supported formats in Motadata ObserveOps include: Email, Persistent, Transient, and Unspecified. |
| IdP X.509 Certificate | You can either manually configure the certificate details or upload the IdP certificate file. The certificate is used to validate the IdP's digital signature. |
| Identity Provider Fingerprint | If configuring manually, find the fingerprint value in the metadata file within the <ds:X509Certificate> tags. You can also upload the certificate directly if available from the IdP. |

Saving and Testing the Connection

After completing the required fields, click Save to initiate the connection process. A side pop-up will indicate that the process has started.

  • If the connection is successful, you will see the message:
    "An integration with identity provider: <IdP> for Single Sign-On is completed successfully."
  • If the connection fails, the message will display:
    "An integration with identity provider: <IdP> for Single Sign-On failed!"

Once the connection is successful, the SSO configuration will be active, and users can authenticate through the selected IdP.

This structured guide provides a clear step-by-step approach for configuring SSO in Motadata ObserveOps, ensuring users understand both automatic and manual configuration methods for their identity providers.

Authentication Process with Single Sign-On

Once a user logs in to Motadata ObserveOps using Single Sign-On, the system follows a verification sequence:

  1. Initially, the system checks if the user already exists in the User Settings within Motadata ObserveOps.
  2. If the user is not found in User Settings, the system then verifies the user with the configured Identity Provider (IdP).
  3. If the user is successfully authenticated through the IdP, they are granted access to Motadata ObserveOps using SSO. Subsequently, the system adds the user to User Settings for future reference.

This process ensures effortless access for users authenticated through SSO, maintaining synchronization between User Settings and the configured IdP.