Skip to main content
Documentation
Troubleshooting
Feature Requests Status

Single Sign-On Using PingOne

Edit on GitHub
  • Updated
Fivetran System User Fivetranner

Follow our guide to set up single sign-on (SSO) into Fivetran using the Fivetran PingOne catalog application.

Prerequisiteslink

To set up PingOne SSO with Fivetran, you need:

In PingOnelink

Add and configure the Fivetran applicationlink

  1. Log in to your PingOne account and select the environment you want to connect to Fivetran.

  2. Go to Connections > Applications.

    Add app

  3. On the Applications page, click +.

  4. Select WEB APP.

    Select Web app

  5. In the Choose Connection Type pop-up, in the SAML section, click Configure.

  6. On the Create App Profile page, enter the name (we recommend “Fivetran”).

  7. (Optional) Enter the description and upload an icon file for the Fivetran app.

    Name app

  8. Click Next.

  9. On the Configure SAML Connection page, select Manually Enter.

  10. In the ACS URLS field, enter “https://fivetran.com/login/saml/return”.

    Manually enter

  11. In the ENTITY ID field, enter “Fivetran”.

    Entity ID

  12. In the ASSERTION VALIDITY DURATION IN SECONDS field, enter “60”.

    Assertion Validity Duration

  13. Click Save and Continue.

Map attributeslink

  1. On the Attribute Mapping page, go the SAML ATTRIBUTES section. In the saml_subject field, enter “Email Address”.

  2. Click + ADD ATTRIBUTE.

    Attribute Mapping

  3. Enter “FirstName” in the left field and “Given Name” in the right field.

  4. Click + ADD ATTRIBUTE.

  5. Enter “LastName” in the left field and “Family Name” in the right field.

  6. Click Save and Close. The Fivetran app is created.

  7. Use the toggle in the top-right corner of the page to enable user access to the Fivetran app.

    Enable User Access

Add user detailslink

  1. Go to Identities > Users.

  2. Click + Add User.

    Add User

  3. In the Add User popup, enter the GIVEN NAME and FAMILY NAME of the user you want to add to the Fivetran app.

    Specify Names

  4. In the CONTACT section, enter the EMAIL ADDRESS of the user you want to add to the Fivetran app.

    Specify Contact

  5. Scroll-down to the COMPANY INFORMATION section. In the USERNAME field, enter the email address of the user you want to add to the Fivetran app .

    Specify Username

  6. Click Save.

  7. On the Users page, click the down-arrow icon to expand the added user’s details, and then click Reset Password.

    Reset Password

  8. Enter a one-time password in the input field. You will need to replace it with a permanent password when you log in for the first time.

  9. Click Save.

Add group detailslink

  1. Go to Identities > Groups.

  2. Click +.

    Add group

  3. Specify the Group Name. We recommend “Fivetran”.

    Specify Group Name

  4. Click Save.

  5. On the Fivetran group page, go to the Users tab.

    Add Users individually

  6. Click + Add Users Individually.

  7. Click + to add the Fivetran user to the group.

    Add user to group

  8. Click Save.

Provide accesslink

  1. Go to Connections > Applications.

    Enable access

  2. Click the Fivetran app.

  3. Go to the Access tab.

  4. Click the pencil icon.

    Give access to groups

  5. Click + to give the Fivetran group access to the Fivetran app.

    Add Fivetran group

  6. Click Save.

NOTE: Fivetran supports Just-In-Time (JIT) user provisioning. If you assign the app to users who don’t have a Fivetran account, Fivetran will create new accounts for them with the read-only access. You will need to grant the newly created users the relevant role with the corresponding permissions.

Get Sign on URL, Issuer, and Public certificatelink

To complete setup in Fivetran, you need the following credentials:

  • Sign on URL
  • Issuer
  • Public certificate

To find these credentials, do the following:

  1. In the PingOne Admin console, open the Fivetran app page and go to the Configuration tab.

    Get credentials

  2. Click Download Signing Certificate and select X509 PEM (.crt) format.

  3. Open the downloaded certificate in a text editor and copy the certificate, which is the string between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- statements. You must enter it in the Public certificate field in Fivetran.

  4. Copy the Issuer ID. Make a note of it. You must enter it in the Issuer field in Fivetran.

  5. Copy the Single Signon Service. Make a note of it. You must enter it in the Sign on URL field in Fivetran.

    TIP: When configuring Single Sign-On with PingOne in Fivetran, log in to your PingOne account and go the Fivetran app page to be able to copy-paste the values.

In Fivetranlink

NOTE: By default, Fivetran allows Just-In-Time (JIT) user provisioning. If you don’t have a Fivetran user for the specified OneLogin user, the Fivetran user will be created automatically with the read-only access. To grant the newly created user the relevant role with the corresponding permissions, log in as a Fivetran user with the Users: Manage permission and manage the user’s roles and permissions on the Users tab of the Account Management page.

  1. Go to the account management page in your Fivetran dashboard.

  2. Go to the Settings tab.

  3. Toggle the Enable SAML authentication selector to ON.

  4. Fill the Sign on URL, Issuer, and Public certificate fields with the Single Signon Service, Issuer ID, and Download Signing Certificate values you found in Step 6, respectively.

    In Fivetran

  5. Click Save Config at the bottom of the settings page. You’ll see an Account settings successfully saved message.

Testing SSO (Optional)link

IMPORTANT: If you assigned the Fivetran app to a user who doesn’t have a corresponding Fivetran user, you need to grant them write access after they have been automatically provisioned in your Fivetran account.

To test SSO, follow these steps:

  1. In the PingOne Admin console, open the Fivetran app page. Go to the Configuration tab and copy the Initiate Single Sign-On URL. You will need it to log in to Fivetran using SAML SSO.

    Initiate Single Sign-On URL

  2. In a browser, paste the Initiate Single Sign-On URL to the address bar.

  3. Enter the USERNAME you created in Step 3.

  4. Enter your PASSWORD. Specify either of the following:

    • the one-time password you created in Step 3 if you test SSO for the first time
    • the permanent password you created when logging in using SSO for the first time

  5. Click Sign On.

  6. If you are testing SSO login for the first time, in the Current Password field, specify the one-time password you created in Step 3.

  7. If you are testing SSO login for the first time, in the New Password and Verify New Password, specify a new permanent password.

  8. If you are testing SSO login for the first time, click Save.

You will be redirected to your Fivetran dashboard.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles

Didn’t find what you need?

Contact support