How can we help?

Configuring Auvik single sign-on with OneLogin

Follow

Auvik allows you to use OneLogin for authentication into Auvik. This allows your users to log in with their OneLogin credentials—they don’t have to remember another set of credentials and you can manage access from a central location.

A different set of authentication methods are supported at each site, and different single sign-on (SSO) configurations are supported in each site. The authentication method for a site applies to users who belong to a specific site. The authentication level determines which site a user belongs to and controls which authentication method they can use.

Auvik supports SAML 2.0 for SSO. There are 4 steps involved:

  1. Configuring SAML in Auvik and OneLogin
  2. Testing the configuration for a single user
  3. Granting your users access to Auvik in OneLogin
  4. Enabling SSO and migrating your users to SSO in Auvik

1. Configuring SAML in Auvik and OneLogin

Obtaining SAML configuration information and certificate from OneLogin

First, you need the SAML 2.0 Endpoint (HTTP), Issuer URL, and X.509 Certificate from OneLogin.

  1. Log in to the OneLogin administrator dashboard.
  2. Go to Apps and click Add Apps.
  3. Search for SAML Test Connector and click SAML Test Connector (IdP).
  4. Enter an App name (e.g. Auvik), an optional icon, and set the app visibility.
  5. Click Save.
  6. Click on the Configuration tab.
  7. Enter the following temporary values, so that you can download the certificate.
    1. ACS (Consumer) URL Validator: ^https:\/\/my\.auvik\.com\/$
    2. ACS (Consumer) URL: https://my.auvik.com/
  8. Click Save.
  9. Click on Parameters.
  10. Set Credentials are to Configured by admin.
  11. Check that NameID (fka Email) is set to Email. This should already be included with this connector.
  12. Click Add Parameter and add the following parameters required by Auvik.

    Name

    Value

    firstName

    First Name

    lastName

    Last Name

    email

    Email



  13. Click Save.
  14. Click the SSO tab.
  15. Copy the Issuer URL and SAML 2.0 Endpoint (HTTP).
  16. Under X.509 Certificate, click View Details.
  17. Set the SHA fingerprint to SHA-256.
  18. Under X.509 Certificate, set the format to X.509 PEM.
  19. Click Download.

Refer to OneLogin documentation on how to set up a SAML application.

Keep the tab open because you’ll need to replace the temporary values in step 7 with the actual values.

Configuring SAML in Auvik

Now, you will configure SAML in Auvik.

  1. Go to the desired site dashboard.
  2. Click Settings in the Auvik navigation menu.
  3. Click the Authentication tab.
  4. Click Browse on the IdP Signature Certificate field to upload your X.509 Certificate from OneLogin. 
  5. Enter the OneLogin Issuer URL in the IdP Issuer URI field and the OneLogin SAML 2.0 Endpoint (HTTP) in the IdP Single Sign-On URL field.
  6. Click Save.
  7. Copy the Audience URI, ACS URL, and RelayState.

Completing SAML configuration in OneLogin

Finally, we’ll complete the configuration in OneLogin.

  1. Click the Configuration tab of the Auvik SAML application in OneLogin.
  2. Enter the following values:

    OneLogin field name

    Auvik field name

    ACS (Consumer) URL

    ACS URL

    ACS (Consumer) URL Validator

    ACS URL with:

    1. ^ at the beginning
    2. $ at the end
    3. backslashes immediately preceding all periods, forward slashes and question marks

    Audience

    Audience URI

    RelayState

    RelayState

    Recipient

    ACS URL

  3. Click Save.

Refer to OneLogin documentation on how to set up a SAML application.

2. Testing your SAML configuration

Once SAML configuration is complete in Auvik and OneLogin, we’ll test the configuration in Auvik. SSO will be temporarily enabled for the test user in Auvik. 

Testing your SAML configuration in Auvik is only available for SAML configurations that aren’t in use.

  1. In OneLogin, grant your test user access to the Auvik SAML application.
    1. Log in to the OneLogin administrator dashboard.
    2. Go to Users and select All Users.
    3. Select the test user.
      • Optionally, you can create a new role with your test user and assign the Auvik application to the new role.
    1. Click the Applications tab.
    2. Click Add (plus icon).
    3. Select Auvik.
  2. In Auvik, go to the desired site dashboard.
    1. Click on Settings in the Auvik navigation menu.
    2. Click on the Authentication tab.
    3. Click Test SSO.
    4. Select the test user.
  3. In an incognito browser window, log into Auvik with your test user using your test user’s OneLogin credentials. You must complete the test in 30 minutes. If you don’t respond in 30 minutes, we’ll restore the previous settings.
  4. In Auvik, click on whether the test user was able to log in.

For additional instructions, see OneLogin documentation on how to assign applications to users and how to assign applications to roles.

3. Granting your users access to Auvik in OneLogin

Users whose accounts have been migrated to SSO can only log in using their OneLogin credentials. Please make sure all users that you want to use SSO in Auvik are in your OneLogin and are configured to have access to the Auvik application.

To grant your other users access to the Auvik application in OneLogin:

  1. Log in to the OneLogin administrator dashboard.
  2. Go to Users and select All Users.
  3. Select the desired users.
    • Optionally, you can create a new role with your desired users and assign the Auvik application to the new role.
  1. Click the Applications tab.
  2. Click Add (plus icon).
  3. Select Auvik.

For additional instructions, see OneLogin documentation on how to assign applications to users and how to assign applications to roles.

4. Enabling SSO and migrating your users to SSO in Auvik

Select the authentication method you want users on this site to use:

  1. Go to the desired site dashboard.
  2. Click Settings in the Auvik navigation menu.
  3. Click the Authentication tab.
  4. Select the desired Authentication Method:
    • Password, Google account, and Microsoft account
    • Single sign-on for selected users
    • Single sign-on for all users
  5. Click Save.

Users whose accounts have been migrated to SSO can only log in through their OneLogin credentials. Please make sure all users that you want to use SSO in Auvik are OneLogin and are configured to have access to Auvik. Currently, Auvik SSO does not support just-in-time provisioning. You must invite the user to Auvik.

If Single sign-on for selected users is selected, this will start the user migration wizard to let you select the users that you want to migrate to SSO. There are three options:

  1. All users that belong to this site
  2. All users that belong to an email domain
  3. Select individual users

After selecting users to migrate, you’ll be asked to confirm your selection and to start the migration. You can migrate more users to SSO at a later time by editing the user. You can also specify that a user must use SSO when you invite them.

If Single sign-on for all users is selected, this will start the user migration wizard to confirm the users that will be migrated to SSO and start the migration. Any users that weren’t migrated will lose authorization to the site. Selecting this option will prevent you from inviting new users that already have an Auvik account—for example, consultants—because they’ll be using a conflicting authentication method. In this scenario, select Single sign-on for selected users.

If your browser tab or window is closed while the migration is in progress, you can view the progress from the Authentication Method pane.

  1. Go to the desired site dashboard.
  2. Click Settings in the Auvik navigation menu.
  3. Click the Authentication tab.

Under Authentication Method, click the See Status link.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request