Introduction

Single Sign-On (SSO) simplifies user authentication by allowing users to log in once using a single set of credentials to access multiple systems and services. With SSO integration, organizations can streamline access management, enhance security, and improve user experience by leveraging centralized identity providers.

OpsRamp supports SSO through various third-party providers using standard protocols like SAML, enabling seamless and secure access to the platform.

Integration with the following third-party tools is supported for SSO:

The Troubleshooting and SSO FAQs sections answer common questions about SSO.

Troubleshooting

| Issue | Resolution |
| --- | --- |
| Unable to log in to OpsRamp after configuring SSO integration, but able to log in to the SSO provider. | Check that the issuer URL, redirection URL, and certificate are correctly configured. There might also be a username mismatch. Verify that the username is the same as that used for OneLogin. |
| Able to log in but unable to find some sections, such as Device View, Monitoring, or Reports. | Verify that your account has permission to access the sections. |
| After logging in, redirected to SSO provider but not permitted to view the landing page. | Verify that the user account is privileged to access the application. |
| Unable to log in to the custom branded site `https://app.opsramp.com` after configuring the SSO provider integration. | Verify with Support that a custom branded site is enabled. |
| Cannot add multiple user accounts. | Capture the reported errors and contact Support. |
| Unable to find the application in the SSO provider application list. | Contact Support. |
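
The checks in the first troubleshooting row can be run against a captured, base64-decoded SAML response. The following is an added example, not OpsRamp code: it compares the issuer, the Destination (redirection URL), the signing-certificate fingerprint and the NameID with the configured values. All URLs, the certificate bytes and the username are constructed, and the script does not verify the XML signature.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed bytes standing in for a certificate; only the fingerprint is compared.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-certificate-bytes").decode()

# Constructed SAML response, as decoded from the SAMLResponse form field.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" Destination="https://partner.example.com/sso/acs">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Assertion>
    <ds:Signature><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></ds:Signature>
    <saml:Subject><saml:NameID>Jane.Doe@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

def fingerprint(cert_b64):
    """SHA-256 of the bytes carried in a base64 X509Certificate element."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def check_response(xml_text, expected):
    """Return one message per value that differs from the configured one."""
    root = ET.fromstring(xml_text)
    found = {
        "issuer": root.findtext("saml:Issuer", "", NS).strip(),
        "redirect_url": root.get("Destination", ""),
        "cert_sha256": fingerprint(root.findtext(".//ds:X509Certificate", "", NS)),
        "username": root.findtext(".//saml:NameID", "", NS).strip(),  # case-sensitive
    }
    return [f"{key}: configured {want!r}, response has {found[key]!r}"
            for key, want in expected.items() if found[key] != want]

# Constructed "configured" values (hypothetical, not OpsRamp defaults).
EXPECTED = {
    "issuer": "https://idp.example.com/metadata",
    "redirect_url": "https://partner.example.com/sso/acs",
    "cert_sha256": fingerprint(SAMPLE_CERT_B64),
    "username": "Jane.Doe@example.com",
}
```

An empty list means all four values match; a username that differs only in letter case or a redirection URL with a trailing slash is reported as a mismatch.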

SSO FAQs

What is SAML SSO capability?

The Security Assertion Markup Language (SAML)-based SSO feature permits users to use the same authentication method they use in their local environment.

How does SSO help my organization?

SSO replaces multiple login credentials with a single username and password.

How do I configure user accounts in OneLogin?

You have the option of syncing Active Directory to OneLogin or manually creating user accounts.

Can I integrate and enable SSO for my user accounts?

You are required to have a custom branded URL that identifies your organization, such as <partnerwebsitename>.opsramp.com.

My enterprise has SSO provider integration. Can all users in my organization log in using SSO?

All partner and client users must be mapped to the SSO provider and have their accounts associated with the appropriate organization in OpsRamp to access the platform via Single Sign-On. Users who are not registered or properly mapped will not be able to log in using SSO, even if the enterprise has completed SSO integration.

How can I log in using any SSO?

Click OpsRamp in the App panel to access OpsRamp.

Why do I not see the SSO landing page when I log in?

After successfully integrating SSO and accessing OpsRamp through the custom branded URL, the system redirects you to the SSO provider screen for authentication. Once you log in successfully via your SSO provider, you are taken directly to the OpsRamp dashboard.

Can I have a separate user account name and SSO Login name?

For auditing purposes, the OpsRamp username and SSO Login username should be the same. A bulk import option is provided to import usernames from OneLogin.

What happens if a user is deleted from the SSO provider?

Users remain active but cannot log in using the custom URL.

How does SSO provider integration ensure security?

The required SSO registration process protects against unauthenticated logins.

Does any data exchange occur during SSO provider integration?

No data, including passwords, are exchanged. All authentication is done by the SSO site.

What happens after a provisioned user is removed from the platform?

The user can no longer access the platform. Make sure to remove the provisioned user from the SSO vendor to avoid re-provisioning the user.

Can a provisioned user log in if the SSO integration is disabled or uninstalled?

A provisioned user cannot log in if the SSO integration is disabled or uninstalled. In order to log in, the local administrator has to update the password.

What will happen if the SSO is uninstalled and then another SSO is installed?

The user can log in through the provisioned password.

Can a local user log in when SSO is enabled?

A local user cannot log in when SSO is enabled, because authentication is done by a third party.

User-related updates made in OpsRamp are not propagated to the SSO provider. Also, user updates from SSO are supported in SAML configuration only.

What would happen if the local login name and the provisioned user name are identical?

It depends on how the SSO configuration has been provisioned for the users:

  • If the prefix option is selected, a new user with the prefix is created. The user can do SSO login with the same login name.
  • If the prefix option is not selected, the provisioned user will not be able to log in, because a user with the same local login name already exists.