Single sign-on (SSO) permits a user to log in once then use a single user ID and password credential to access multiple, independent systems.

Integration with the following third-party tools is supported for SSO:

  • Active Directory Federation Services (AD FS)
  • Okta
  • Centrify
  • OneLogin

The Troubleshooting and SSO FAQs sections answer common questions about SSO.

Troubleshooting

IssueResolution
Unable to log in after SSO integration but able to log in to SSOLogin.Check that the issuer URL, redirection URL, and certificate are correctly configured. There might also be a username mismatch. Verify that the username is the same as that used for OneLogin.
Able to log in but unable to find some sections, such as Device View, Monitoring, or Reports.Verify that your account has permission to access the sections.
After logging in, redirected to SSOLogin but not permitted to view the OpsRamp landing page.Verify that the user account is privileged to access the OpsRamp application.
Unable to log in to `https://app.opsramp.com` after SSOLogin integration.Verify with OpsRamp Support that a custom branded site is enabled.
Cannot add multiple user accounts.Capture the reported errors and contact OpsRamp Support.
Unable to find the OpsRamp application in the SSOLogin application list.Contact OpsRamp Support.

SSO FAQs

What is SAML SSO capability?

The Security Assertion Markup Language (SAML)-based SSO feature permits users use the same authentication method they use in their local environment.

How does SSO help my organization?

SSO lets you replace multiple login credentials with a single username and password.

How do I configure user accounts in OneLogin?

You have the option of syncing Active Directory to OneLogin or manually creating user accounts.

Can I integrate and enable SSO for my user accounts?

You are required to have a private branded OpsRamp URL that identifies your organization, such as <partnerwebsitename>.opsramp.com.

Which users can integrate SSOLogin?

Users with Partner and Customer accounts can integrate SSOLogin.

My Enterprise has SSOLogin integration. Can all users in my organization log in using SSOLogin?

All users, both partners and customers, should register with SSOLogin and associate their accounts with OpsRamp to gain access using SSOLogin. Unregistered users cannot log in using SSOLogin even if the enterprise has any SSOLogin integration.

How can I log in using any SSOLogin?

Click OpsRamp in the App panel to access OpsRamp.

Why do I not see the SSOLogin landing page when I log in?

After successfully integrating SSOLogin and logging in using the custom URL, the OpsRamp server redirects you to the SSOLogin screen for authentication. Successfully logging in takes you to the OpsRamp dashboard page.

Can I have a separate user account name and SSOLogin name?

For auditing purposes, the OpsRamp username and SSOLogin username should be the same. A bulk import option is provided to import usernames from OneLogin.

What happens if a user is deleted from SSOLogin?

Users remain active but cannot log in using the custom URL.

How does SSOLogin integration ensure security?

The required SSO registration process protects against unauthenticated logins.

Does any data exchange occur during SSOLogin integration?

No data, including passwords, are exchanged. All authentication is done by the SSO site.

What happens after a provisioned user is removed from the platform?

The user can no longer access OpsRamp. Make sure to remove the provisioned user from the SSO vendor to avoid reprovisioning the users.