Single Sign-On
Overview
The Single Sign-On (SSO) feature in Motadata AIOps allows users to log in using external identity providers like OneLogin, Okta, Azure AD, or 1Kosmos. This guide explains how to configure SSO for your Motadata AIOps environment using the supported protocols and identity providers.
Navigation
Go to Menu. Select Settings 
. After that, Go to User Settings 
. Select Single Sign-On.
Single Sign-On Screen
Service Provider Details
The service provider (SP) represents Motadata AIOps in the SSO process, and the following details must be configured in your identity provider's platform:
| Field | Description |
|---|---|
| Service Provider Entity ID | This is the URL that uniquely identifies Motadata AIOps. For example, this value is mapped to the EntityID in OneLogin. It is set by default but can be edited. The default value is motadata-sp. |
| Redirect URL | This URL redirects users to the AIOps login page when accessing the domain. It is non-editable. For example, this value is mapped to ACS (Consumer) URL in OneLogin. |
| Service Provider Login URL | The URL that Motadata AIOps uses for authentication. This is a non-editable field. For example, this value is mapped to the Login URL in OneLogin. |
| Service Provider Logout URL | This URL handles sign-out requests from Motadata AIOps. It is non-editable. For example, this value is mapped to Single Logout URL in OneLogin. |
Identity Provider Details
Motadata AIOps supports integration with the following identity providers (IdP):
OneLogin, Okta, Azure AD, 1Kosmos
When configuring the identity provider, select either Upload Metadata File or Configure Manually to proceed.
If Uploading Metadata File
| Field | Description |
|---|---|
| Identity Provider Metadata File | Upload the metadata file provided by your identity provider to automatically populate the IdP details. This option is only available when you select Upload Metadata File in the previous field. |
If Configuring Manually
When you choose to configure manually, fill in the following fields with the details provided by your identity provider:
| Field | Description |
|---|---|
| Identity Provider Entity ID | This field is used by Motadata AIOps to verify SAML responses from the identity provider. For example, This field can be mapped with the 'Issuer URL' provided by OneLogin. |
| Identity Provider Login URL | It directs users to the IdP login page for authentication. For example, this field can be mapped to the SAML 2.0 Endpoint (HTTP) provided by OneLogin. |
| Identity Provider Logout URL | This URL handles logout requests initiated from the service provider. For Example, this field can be mapped to the 'Single Logout (SLO) Endpoint (HTTP)' provided by OneLogin. |
| NameID Format | This field defines how the subject (user) is identified between the service provider and identity provider. Ensure that both SP and IdP use the same NameID format. Supported formats in Motadata AIOps include: Email, Persistent, Transient, and Unspecified. |
| IdP X.509 Certificate | You can either manually configure the certificate details or upload the IdP certificate file. The certificate is used to validate the IdP’s digital signature. |
| Identity Provider Fingerprint | If configuring manually, find the fingerprint value in the metadata file within the <ds:X509Certificate> tags. You can also upload the certificate directly if available from the IdP. |
Saving and Testing the Connection
After completing the required fields, click Save to initiate the connection process. A side pop-up will indicate that the process has started.
- If the connection is successful, you will see the message:
"An integration with identity provider: <IdP> for Single Sign-On is completed successfully." - If the connection fails, the message will display:
"An integration with identity provider: <IdP> for Single Sign-On failed!"
Once the connection is successful, the SSO configuration will be active, and users can authenticate through the selected IdP.
This structured guide provides a clear step-by-step approach for configuring SSO in Motadata AIOps, ensuring users understand both automatic and manual configuration methods for their identity providers.
Authentication Process with Single Sign-On
Once a user logs in to Motadata AIOps using Single Sign-On, the system follows a verification sequence:
- Initially, the system checks if the user already exists in the User Settings within Motadata AIOps.
- If the user is not found in User Settings, the system then verifies the user with the configured Identity Provider (IdP).
- If the user is successfully authenticated through the IdP, they are granted access to Motadata AIOps using SSO. Subsequently, the system adds the user to User Settings for future reference.
This process ensures effortless access for users authenticated through SSO, maintaining synchronization between User Settings and the configured IdP.