Single Sign-On

Provides Single Sign-On (SSO) information including best practices, troubleshooting, and FAQs.

Leave Feedback

Introduction

Prerequisites

  • Partners must register with OpsRamp to receive OpsRamp login credentials.
  • Provide your custom branding URL (such as <yourwebsitename>.opsramp.com).

Best practices

Use these guidelines to ensure secure access for SSO login.

  • Do NOT save passwords in the browser. Based on the type of the browser, perform the following actions:
    • Mozilla Firefox: Always check Never Remember Password for this Site option in the browser when asked for Would you like to remember the password for USER on SSOlogin.com?
    • Internet Explorer: Select Don’t Ask Again option.
    • MAC Safari: Select Never for this Website option.
    • Google Chrome: Select Never for this site option.
  • The Partner must remove OpsRamp terminated SSO provisioned users from the respective SSO tool. Otherwise, OpsRamp creates another account for the terminated users.

Troubleshooting

Common Issues and Resolution
Common IssuesSteps to Resolve
Unable to log into OpsRamp after SSO integration. Note: I am able to login to SSO Login.Check the 3 items (Issuer URL, Redirection URL and Certificate) to ensure they are configured correctly in OpsRamp. There could be a mismatch in the username. Check username to ensure it is same as in OneLogin.
Able to log into OpsRamp but unable to find certain sections (for example, Device View, Monitoring, Reports etc.)Check for the permissions of your account to access these sections.
Logged into OpsRamp, got redirected with successful authentication to SSO Login but not allowed to view OpsRamp landing page.User does not have permission to OpsRamp App in SSO Login. Please check your account privileges in SSO Login.
Unable to login to the URL `https://app.opsramp.com` after SSO Login integration in OpsRamp.The site you are logging is not a custom branded site. Please check with OpsRamp Support to enable a custom branded site.
Could not add multiple user accounts in OpsRamp.Capture the errors shown in and contact OpsRamp Support.
Unable to find OpsRamp App in the SSO Login Apps list.It could be related to OpsRamp App partnership with SSOLogin. Contact OpsRamp Support.

FAQs

This section provides frequently asked questions.

What is SAML Single Sign-On capability?

SAML (Security Assertion Markup Language) based Single Sign-On (SSO) feature will benefit our customer base. The SSO capability provides all partner companies and their user accounts to access OpsRamp secured platform with full control from their existing authentication mechanisms. Partners can now configure their Providers (SSO service providers) for access into OpsRamp.

How does Single Sign-On help my organization?

With the Single Sign-On, you can avoid the hassle of creating and remembering multiple logins and passwords. This helps you manage your accounts with ease.

How do I configure user accounts in OneLogin?

One option is to sync up your Active Directory (AD) to OneLogin. Alternatively, users can be created manually. My Organization does not have a OpsRamp custom branded URL?

Can I integrate and enable Single Sign-On for my user accounts?

No. It is mandatory to have a private branded OpsRamp URL in order to identify your organization.

What type of users can integrate SSO Login with OpsRamp?

Users with Partner and Customer accounts.

My Enterprise has SSO Login integration with OpsRamp. Does it mean all users in my organization can login via SSO Login?

All users (partners and customers) should register with any SSO Login and associate these accounts with OpsRampin order to be able to access via SSO Login. Unregistered users will not be able to login via SSO Login even though the enterprise has any SSO Login integration.

How can I login via any SSO Login?

Click on OpsRampunder App panel to navigate user to OpsRamp.

Why am I seeing any SSO Login landing page when I tried to login via OpsRamp?

After a successful integration between OpsRamp and any SSO Login, when the user tries to log on to customer branded OpsRamp (such as <yourwebsitename>.opsramp.com) directly, OpsRamp server redirects you to the SSO Login screen for authentication. On successful authentication, the user is directed back to the OpsRamp’s dashboard page.

Can I have a separate user account name and login from any SSO Login and OpsRamp?

OpsRamp username and SSO Login username should be the same for the purpose of auditing. Bulk import option can be used to import usernames from OneLogin so that usernames are the same in OpsRamp.

What happens if any user is deleted in any SSO Login?

In addition, will the user be allowed to login to OpsRamp (such as <yourwebsitename>.opsramp.com)? No. Users are active in OpsRamp but cannot login to <yourwebsitename>.opsramp.com.

How can I assure any SSO Login integrated user security?

Any SSO registration process is mandatory on OpsRamp to ensure unauthenticated logins.

Is there any data exchange happening in this integration process?

No data, passwords or any other information is exchanged. It is just the redirection of web page, all authentications happen on the SSO sites.

What happens after a provisioned user in Opsramp is terminated?

The user can no longer access OpsRamp. The partner must remove the provisioned user from their SSO tool to avoid the provisioning of users again in OpsRamp.

External references