Learn how to enable single-tenant authentication and set up self-service SSO.

Wavefront supports a number of third-party authentication solutions that use SAML. The SAML (Security Assertion Markup Language) standard enables an identity provider (IdP) to pass authorization credentials to service providers (SP). In environments that use SAML, users log in once and authenticate to many different services.

  • Self-Service SAML SSO is not available for customers who have set up multi-tenant authentication.
  • Self-Service SAML SSO is not available for trial customers.

Single-Tenant Authentication

Most Wavefront administrators set up authentication in their environment by setting up SSO using an identity provider (IdP). Authentication integrations with the following IdPs are predefined. SSO setup with other IdPs is also possible.

As an administrator, in single-tenant authentication environments, you can set up SAML SSO and your users will log in to the identity provider. After a user has been successfully authenticated, you can set the permissions for that user. Permissions determine what the user can do in Wavefront.


  1. Log in to your Wavefront cluster as a user with SAML IdP Admin permission.
  2. Click the gear icon on the taskbar and select Self Service SAML.
  3. From the Identity Provider drop-down menu, select the identity provider that is used in your environment.
  4. Click the Setup Instructions link.

    The link directs you to the instructions for setting up the provider integration that you selected.

  5. Follow the instructions to retrieve the metadata for your identity provider.
  6. In the Configure Connection field, paste the metadata and click Test to validate the metadata.
  7. Log in to your identity provider.

    After the login is successful and if the test was successful, the Save button becomes available.

  8. Click the Save button to save your changes.

screenshot with fields filled in & blurred out


If the certificate that’s used in your setup must be replaced, you can delete the existing setup and set up SAML SSO again.

  1. Log in to your Wavefront instance as a user with SAML IdP Admin permission.
  2. From the gear icon on the taskbar, select Self Service SAML.
  3. Click the Click Here link to delete the existing key pair.
  4. Repeat the setup process.