Single sign on is available to users of the Aqua Advanced and Premier plans.


Aqua supports single sign-on via SAML 2.0 and is compliant with any SAML 2.0-compliant provider. Enabling SAML involves a process between the user and support.


TABLE OF CONTENTS


SAML Setup Overview

To avoid getting locked out of your account, Aqua will configure SAML through a support ticket process. For security purposes, SAML cannot be disabled by your end-users once it is enabled. Though Aqua supports Service Provider-Initiated (SP-I) SSO, we also support an Identity Provider Initiated (IdP-I)-like option.


The SAML setup process follows the following flow:

  1. The user prepares a new application for Aqua in the SAML provider using the information here.
  2. The user downloads the XML metadata file associated with this new application.
  3. The user shares the XML file with support by opening a support ticket.
  4. Support will configure SAML on Aqua's side and enable one of the user's accounts for testing
  5. Once the SAML login is confirmed, support will enable the SAML login for all other users


Supported SAML Providers

Aqua supports any SAML 2.0-compliant provider, including:

  • Okta
  • JumpCloud
  • OneLogin
  • Auth0
  • Active Directory
  • Google Apps
  • ...many others


Disabling SAML

Once enabled, SAML can only be disabled by opening a support ticket with Aqua support.