Follow our guide to set up single sign-on (SSO) into Fivetran using the Fivetran OneLogin catalog application.
Prerequisiteslink
To set up OneLogin SSO with Fivetran, you need a Super user or Account owner account and a Fivetran Account Administrator or Owner account.
In OneLoginlink
Add and configure the Fivetran applicationlink
-
Log in to OneLogin Portal and click Administration next to your user name in the top right corner of the page.
-
Go to Applications -> Applications.
-
Click Add App.
-
Enter Fivetran in the search box.
-
Select the Fivetran application.
-
(Optional) Enter the Description.
-
Click Save.
-
Assign the Fivetran app to a user or a role manually as shown below or use mapping.
NOTE: Fivetran supports Just-In-Time (JIT) user provisioning. If you assign the app to users who don’t have a Fivetran account, Fivetran will create new accounts for them with the read-only access. You will need to grant the newly created users write access to your Fivetran account.
Get Sign on URL, Issuer, and Public certificatelink
To complete setup in Fivetran, you need the Sign on URL, Issuer, and Public certificate. Follow these steps to find them:
-
On the SSO tab on the Fivetran app page, make a note of the Issuer URL and SAML 2.0 Endpoint (HTTP) values. You will need them to configure Fivetran.
TIP: When configuring Single Sign-On with OneLogin in Fivetran, log in to your OneLogin account and go the Fivetran app page to be able to copy-paste the values.
-
Click View Details.
-
Copy the X.509 Certificate between
-----BEGIN CERTIFICATE-----
and-----END CERTIFICATE-----
. You will need this public certificate to configure Fivetran.
In Fivetranlink
NOTE: By default, Fivetran allows Just-In-Time (JIT) user provisioning. If you don’t have a Fivetran user for the specified OneLogin user, the Fivetran user will be created automatically with the read-only access. To grant the newly created user write access to your Fivetran account, log in as the Account Owner or Owner and go to the Account Management page. On the Users tab, manage the user’s permissions.
-
Go to the account management page in your Fivetran dashboard.
-
Go to the Settings tab.
-
Toggle the Enable SAML authentication selector to ON.
-
Fill the Sign on URL, Issuer, and Public certificate fields with the SAML 2.0 Endpoint (HTTP), Issuer URL, and X.509 Certificate values you found in Step 2, respectively.
-
Click Save Config at the bottom of the settings page. You’ll see an Account settings successfully saved message.
Testing SSO (Optional)link
IMPORTANT: If you assigned the Fivetran app to a user who doesn’t have a corresponding Fivetran user, you need to grant them write access after they have been automatically provisioned in your Fivetran account.
To test SSO, follow these steps:
- In OneLogin, log in to the OneLogin Portal as the user you have granted access to.
- Click Fivetran. You will be redirected to your Fivetran dashboard.