SSO with OneLogin
Configure OneLogin as a SAML identity provider.
The OpsLevel Single Sign-On authentication method can be used with your organization’s existing OneLogin account by configuring a SAML application. Below are the detailed steps on how to get started using OneLogin and SAML.
Note: You will need to be an Administrator on your Google account. You will also need access to your SAML Endpoint URL, located in the Authentication Method section of your Account Settings. Only admin users will have access to this section.
Setting up a OneLogin SAML Application
1. In OneLogin, navigate to the Applications tab, then click Add App
2. Select SCIM Provisioner with SAML (SCIM v2 Core) to begin your configuration. You can type "SCIM" into the search box to narrow down your results quickly.
3. Give your new app an appropriate Display Name so that it will be easy to visually identify later on. Something like "OpsLevel" should do fine.
Configuring the Application for SSO
1. Navigate to the SSO tab within OneLogin. From here there are 3 fields that we'll want to copy over to our Settings in OpsLevel:
- The X.509 Certificate
- The SAML 2.0 Endpoint (HTTP)
- The SLO Endpoint (HTTP)
In another window, navigate to our Account Settings so that we can copy over some values.
2. Under Authentication Method select SAML. A form should open.
3. Copy over the following fields:
- For Email Domain use your organization's email domain (e.g. yourorg.com).
- For X.509 Certificate copy over the value from Step 1.
- For Identity provider sign in URL copy over SAML 2.0 Endpoint (HTTP) from Step 1.
- For Identity provider sign out URL copy over SLO Endpoint (HTTP) from Step 1.
Your settings should look something like the following:
4. Don't save your results just yet; we'll want to finish the configuration in OneLogin first. Instead, copy the value of SAML Endpoint URL and navigate to the Configuration tab in OneLogin.
5. We'll need to provide values for 2 more fields:
- For SAML Audience URL we'll use the value opslevel (don't worry that it's not a URL).
- For SAML Consumer URL use the value of SAML Endpoint URL that we copied in Step 4.
Your settings should look like the following:
6. Update Parameters to send the following fields to OpsLevel:
- email
- first_name
- last_name
Ensure "Include in SAML assertion" is checked for every field.
7. Save your changes in OneLogin.
8. Save your changes in OpsLevel.
Your users should now be able to log into OpsLevel using SSO!
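To confirm that the OneLogin side matches the settings above, the following added example (not OpsLevel's or OneLogin's code) checks a base64 SAMLResponse value, as posted by the browser to the SAML Endpoint URL during a test login, for the opslevel audience, the consumer URL and the three parameters. The endpoint URL and the sample response are constructed placeholders, and the script does not verify the assertion's signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "opslevel"                          # SAML Audience URL (step 5)
REQUIRED_ATTRS = ("email", "first_name", "last_name")   # Parameters (step 6)


def check_saml_response(b64_response, acs_url):
    """List config problems in a base64 SAMLResponse; does NOT verify the signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    problems = []
    audiences = {(a.text or "").strip() for a in assertion.iterfind(".//saml:Audience", NS)}
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"audience {sorted(audiences)} does not include '{EXPECTED_AUDIENCE}'")
    recipients = {d.get("Recipient", "")
                  for d in assertion.iterfind(".//saml:SubjectConfirmationData", NS)}
    if acs_url not in recipients:
        problems.append(f"Recipient {sorted(recipients)} is not the SAML Endpoint URL")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS).strip()
             for a in assertion.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"attribute '{name}' is missing or empty")
    return problems


def build_sample(audience, attrs, recipient):
    """Constructed, unsigned SAMLResponse for the demo (not captured from OneLogin)."""
    attr_xml = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue>'
                       f'</saml:Attribute>' for k, v in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion><saml:Subject><saml:SubjectConfirmation>'
           f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
           f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
           f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    acs = "https://opslevel.example.invalid/saml"  # placeholder SAML Endpoint URL
    print(check_saml_response(build_sample("opslevel", {"email": "dev@yourorg.com"}, acs), acs))
```

An empty list means the audience, consumer URL and parameters all match what this guide configures; each string in a non-empty list names the OneLogin field to revisit.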
User Account Provisioning with SCIM
OpsLevel also supports user provisioning through SCIM. If you wish to configure this, you can check out our guide to OneLogin User Provisioning with SCIM.
Troubleshooting
If you are having trouble setting up your single sign-on in any way, send us an email at [email protected] and we’ll be happy to help debug and diagnose any issues.