Single sign-on (SSO) permits a user to log in once and then use a single user ID and password to access multiple independent systems.

Integration with the following third-party tools is supported for SSO:

  • Active Directory Federation Services (AD FS)
  • Okta
  • Centrify
  • OneLogin

The Troubleshooting and SSO FAQs sections answer common questions about SSO.

Troubleshooting

| Issue | Resolution |
| --- | --- |
| Unable to log in after SSO integration but able to log in to SSOLogin. | Check that the issuer URL, redirection URL, and certificate are correctly configured. There might also be a username mismatch. Verify that the username is the same as that used for OneLogin. |
| Able to log in but unable to find some sections, such as Device View, Monitoring, or Reports. | Verify that your account has permission to access the sections. |
| After logging in, redirected to SSOLogin but not permitted to view the landing page. | Verify that the user account is privileged to access the application. |
| Unable to log in to `https://app.opsramp.com` after SSOLogin integration. | Verify with Support that a custom branded site is enabled. |
| Cannot add multiple user accounts. | Capture the reported errors and contact Support. |
| Unable to find the application in the SSOLogin application list. | Contact Support. |
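
The first troubleshooting row names four things to compare: issuer URL, redirection URL, certificate, and username. The following is an added example, not OpsRamp code, that runs those comparisons against an already base64-decoded SAML response. It assumes the redirection URL appears as the response's `Destination` attribute and the username as the assertion's `NameID`; the field names, hosts, and sample response are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_sha256(b64_der):
    """SHA-256 fingerprint of the certificate bytes in ds:X509Certificate."""
    return hashlib.sha256(base64.b64decode("".join(b64_der.split()))).hexdigest()

def diagnose(response_xml, expected):
    """List (field, received, expected, near_miss) for every mismatch.

    Diagnostic only: it does not verify the XML signature, so it must never
    be used to decide whether a login is accepted.
    """
    root = ET.fromstring(response_xml)
    cert = root.findtext(".//ds:X509Certificate", "", NS)
    found = {
        "issuer": root.findtext("saml:Issuer", "", NS).strip(),
        "redirect_url": root.get("Destination", ""),
        "username": root.findtext(".//saml:Subject/saml:NameID", "", NS).strip(),
        "cert_sha256": cert_sha256(cert) if cert.strip() else "",
    }
    # near_miss: values that differ only by case or a trailing slash
    norm = lambda s: s.strip().rstrip("/").lower()
    return [(k, found[k], want, norm(found[k]) == norm(want))
            for k, want in expected.items() if found[k] != want]

# Constructed sample: placeholder hosts and a placeholder "certificate".
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real cert").decode()
SAMPLE_RESPONSE = f"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Destination="https://tenant.example.com/sso/acs">
  <saml:Issuer>https://idp.example.com/metadata/</saml:Issuer>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Assertion><saml:Subject>
    <saml:NameID>Jane.Doe@example.com</saml:NameID>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""
SAMPLE_EXPECTED = {
    "issuer": "https://idp.example.com/metadata",
    "redirect_url": "https://tenant.example.com/sso/acs",
    "username": "jane.doe@example.com",
    "cert_sha256": cert_sha256(SAMPLE_CERT),
}
```

Calling `diagnose(SAMPLE_RESPONSE, SAMPLE_EXPECTED)` reports the issuer (trailing slash) and the username (letter case) as near-miss mismatches, which are the kinds of differences that are easy to overlook when comparing settings by eye.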

SSO FAQs

What is SAML SSO capability?

The Security Assertion Markup Language (SAML)-based SSO feature permits users to use the same authentication method they use in their local environment.

How does SSO help my organization?

SSO replaces multiple login credentials with a single username and password.

How do I configure user accounts in OneLogin?

You have the option of syncing Active Directory to OneLogin or manually creating user accounts.

Can I integrate and enable SSO for my user accounts?

You are required to have a private branded URL that identifies your organization, such as <partnerwebsitename>.opsramp.com.

Which users can integrate SSOLogin?

Users with Partner and Customer accounts can integrate SSOLogin.

My Enterprise has SSOLogin integration. Can all users in my organization log in using SSOLogin?

All users, both partners and customers, should register with SSOLogin and associate their accounts with OpsRamp to gain access using SSOLogin. Unregistered users cannot log in using SSOLogin even if the enterprise has an SSOLogin integration.

How can I log in using any SSOLogin?

Click OpsRamp in the App panel to access OpsRamp.

Why do I not see the SSOLogin landing page when I log in?

After successfully integrating SSOLogin and logging in using the custom URL, the server redirects you to the SSOLogin screen for authentication. Successfully logging in takes you to the dashboard screen.

Can I have a separate user account name and SSOLogin name?

For auditing purposes, the OpsRamp username and SSOLogin username should be the same. A bulk import option is provided to import usernames from OneLogin.

What happens if a user is deleted from SSOLogin?

Users remain active but cannot log in using the custom URL.

How does SSOLogin integration ensure security?

The required SSO registration process protects against unauthenticated logins.

Does any data exchange occur during SSOLogin integration?

No data, including passwords, is exchanged. All authentication is done by the SSO site.

What happens after a provisioned user is removed from the platform?

The user can no longer access the platform. Make sure to remove the provisioned user from the SSO vendor to avoid re-provisioning the user.

Can a provisioned user log in if the SSO integration is disabled or uninstalled?

A provisioned user cannot log in if the SSO integration is disabled or uninstalled.
In order to log in, the local administrator has to update the password.

What will happen if the SSO is uninstalled and then another SSO is installed?

The user can log in through the provisioned password.

Can a local user log in when SSO is enabled?

A local user cannot log in when SSO is enabled, because authentication is done by a third party.

Any user-related updates from OpsRamp’s side do not get updated in SSO. Also, user updates from SSO are supported in SAML configuration only.

What would happen if the local login name and the provisioned username are identical?

It depends on how SSO configuration has been provisioned for the users:

  • If the prefix option is selected, a new user with the prefix is created. The user can do SSO login with the same login name.
  • If the prefix option is not selected, then the provisioned user will not be able to log in, as a similar user is already present with the same local login name.