Contents x
    OneLogin SSO
    • 1 Minute to read
    • Print
    • PDF
    Contents

    OneLogin SSO

    • 1 Minute to read
    • Print
    • PDF
    Article Summary

    About this document

    Single Sign-On (SSO) enables organizations to use the SAML 2.0 authentication provider for authenticating login into SAFE. Admin can onboard and manage users right from their OneLogin SSO platform, eliminating the need to maintain a separate user authentication mechanism for SAFE.

    This document describes the step-by-step procedure to configure Single Sign-On (SSO) for SAFE via OneLogin SSO.

    Setting up OneLogin

    1. Log in to OneLogin as an administrator.
    2. Navigate to Applications >Applications.
      be0a3cfe-058b-42c0-9f76-a054941e6b4c
    3. Click the Add App button at the top right corner.
      6959f976-2ff2-4375-a805-c7677648d3bd
    4. In the search bar under Find Applications, enter SAML, and then choose SAML Custom Connector (Advanced).
      bb1846ed-b260-46eb-95af-c80ecc721939
    5. On the Configuration page, enter a name for the application (Example: Safe Security, Inc.).
      8567ecc5-fa1e-4e2a-805c-0968999080bf
    6. Click the Save button.
    7. Once saved, go to the Configuration page from the left navigation page and fill in the details as follows:
      1. Audience (EntityID) - Select the correct Entity ID for your regional instance.
      2. Recipient  - Select the correct Reply URL for your regional instance.
      3. ACS (Consumer) URL Validator - Select the correct Reply URL Validator for your regional instance.
      4. ACS (Consumer) URL - Select the correct Reply URL for your regional instance.
      5. Everything else - Leave as blank.
    8. Click Save to store the app settings.
    9. Click Parameters in the left navigation menu. 
    10. Click the + button to add a new field.
      60f120e2-5fd0-4282-8aa4-177eda75b642
    11. Note: The Parameters page lists the parameter NameID (fka Email) by default.
    12. Enter the following parameters:
      1. For Email:
        1. In the New Field dialogue box, for Field name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
        2. For Flags, select the Include in SAML assertion check box.
        3. Choose Save.
        4. For Value, choose Email from the list.
        5. Click on the Save button.
          e09503ee-4b68-40fd-a89f-38d5b47158e0
    13. For First Name: (Optional)
      1. In the New Field dialogue box, for Field name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
        1. For Flags, select the Include in SAML assertion check box.
        2. Choose Save.
        3. For Value, choose the First Name from the list.
        4. Click on the Save button.
    14. For Last Name: (Optional)
      1. In the New Field dialogue box, for Field name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
        1. For Flags, select the Include in SAML assertion check box.
        2. Choose Save.
        3. For Value, choose Last Name from the list.
        4. Click on the Save button.
    15. You'll need to grant your users permission to access the application you just created, either by adding individual Users or by adding to Roles or Groups within OneLogin according to how you prefer to manage your Users there.
    16. Navigate back to the application created in Step 6, and select SSO from the left side navigation.
    17. Copy the Issuer URL and share it with SAFE’s support team at the Service Desk.
      8742bd72-0bf0-4684-ade5-77c5baddd4a5
    18. Click on the Save button to save the application.
    Was this article helpful?
    What's Next