Single Sign-On Using OneLogin

Follow our guide to set up single sign-on (SSO) into Fivetran using the Fivetran OneLogin catalog application.

Prerequisites

To set up OneLogin SSO with Fivetran, you need:

• a OneLogin Super user or Account owner account
• a Fivetran Account Administrator account.

In OneLogin

Add and configure the Fivetran application

1. Log in to OneLogin Portal and click Administration next to your user name in the top right corner of the page.

2. Go to Applications -> Applications.

3. Click Add App.

4. Enter Fivetran in the search box.

5. Select the Fivetran application.

6. (Optional) Enter the Description.

7. Click Save.

8. Assign the Fivetran app to a user or a role manually as shown below or use mapping.

   NOTE: Fivetran supports Just-In-Time (JIT) user provisioning. If you assign the app to users who don't have a Fivetran account, Fivetran will create new accounts for them with the read-only access. You will need to grant the newly created users the relevant role with the corresponding permissions.

   

Get Sign on URL, Issuer, and Public certificate

To complete setup in Fivetran, you need the Sign on URL, Issuer, and Public certificate. Follow these steps to find them:

1. On the SSO tab on the Fivetran app page, make a note of the Issuer URL and SAML 2.0 Endpoint (HTTP) values. You will need them to configure Fivetran.

   

   TIP: When configuring Single Sign-On with OneLogin in Fivetran, log in to your OneLogin account and go the Fivetran app page to be able to copy-paste the values.

2. Click View Details.

3. Copy the X.509 Certificate between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. You will need this public certificate to configure Fivetran.

   

In Fivetran

NOTE: By default, Fivetran allows Just-In-Time (JIT) user provisioning. If you don't have a Fivetran user for the specified OneLogin user, the Fivetran user will be created automatically with the read-only access. To grant the newly created user the relevant role with the corresponding permissions, log in as a Fivetran user with the Users: Manage permission and manage the user's roles and permissions on the Users tab of the Users & Permissions page.

1. In Fivetran, click Account Settings > General.

2. On the Account Settings tab, under Authentication Settings, switch the Enable SAML authentication toggle to ON.

3. Under SAML Config, in the Sign on URL, Issuer, and Public certificate fields, enter the SAML 2.0 Endpoint (HTTP), Issuer URL, and X.509 Certificate values you found in Step 2, respectively.

   

4. In the Application identifier (Entity ID) field, enter https://fivetran.com/login/saml/return.

5. Click Save Config. You'll see the message Account settings successfully saved.

Testing SSO (Optional)

IMPORTANT: If you assigned the Fivetran app to a user who doesn't have a corresponding Fivetran user, you need to grant them write access after they have been automatically provisioned in your Fivetran account.

To test SSO, follow these steps:

1. In OneLogin, log in to the OneLogin Portal as the user you have granted access to.
2. Click Fivetran. You will be redirected to your Fivetran dashboard.

Restrict login to SSO

Follow the steps below to restrict logins to SSO only:

1. Log in to the Fivetran dashboard.
2. In the bottom left menu, click Account Settings > General.
3. Go to the Account Settings tab.
4. In the Authentication Settings section, set the Required authentication type to SAML or Google OAuth.

NOTE: When the Required authentication type is set to None, users can log in either with SSO or with their email and password.