Skip to main content

Set up OneLogin for Authentication

Instructions on configuring SecureAuthSecureAuth with OneLogin as an identity provider using the SAML federation

Prerequisites

  • SecureAuth access/account

  • OneLogin access/account

Configure OneLogin

  1. Create a new SAML application in One­L­o­gin admin por­tal by selecting Add App.

    acp_how-to_config_onelog_add.png

  2. In the Find Application view, select SAML Test Connector (Advanced).

    acp_how-to_config_onelog_connector.png

  3. Save your new application.

    acp_how-to_config_onelog_added.png

  4. Select SSO from the sidebar and copy/save the SAML 2.0 endpoint URL (required in step 5 of Configure SecureAuth).

    acp_how-to_config_onelog_sso.png

Configure SecureAuth

  1. Log in to the SecureAuth admin portal.

  2. Switch to the workspace that you want to integrate with OneLogin.

  3. Add a SAML Identity Provider on the SecureAuth side.

  4. Enter the copied SAML 2.0 endpoint URL as Sign in URL and select Save.

    Note

    Check step 3 of Configure OneLogin for the relevant URL.

Enable Trust

To establish the trust be­tween One­L­o­gin and SecureAuth, you need to con­fig­ure the SAML X509 certificate used for the verification of the SAML assertion.

  1. Go to OneLogin > Security > Certificates.

    acp_how-to_config_acp_certs.png

  2. Select Standard Strength Certificate (2048-bit) and down­load it in the X.509 PEM fro­mat.

    acp_how-to_config_onelog_pem.png

  3. Go to SecureAuth and paste the value of the certificate under IDP certificate in the SAML IDP configuration view.

  4. Set Name ID for­mat as emailAd­dress.

  5. Save the SAML IDP con­figuration.

    Result: The entity issuer attribute is generated for your IDP.

  6. Copy the val­ue of the entity issuer at­tribute from the SAML IDP view.

  7. Go to OneLogin and navigate to the Configuration view of your SAML application. Enter the copied value of entity issuer attribute into the Audience (EntityID) field. Select Save.

    acp_how-to_config_onelog_audience.png

  8. Navigate to the Parameters view and configure at least one assertion pa­ra­me­ter on top of NameID val­ue.

    Note

    It is required to avoid empty SAML assertions, which are not supported by SecureAuth.

    acp_how-to_config_onelog_param.png

Check If It Works

  1. Open the user portal.

  2. Select LOGIN TO DEMO APP.

  3. Select your configured OneLogin IDP and, next, authenticate in OneLogin.

    Result: SecureAuth displays the consent page that lists data scopes to be shared with the application. When you proceed to the application (ALLOW ACCESS), the PII data coming from IDP is delivered through the access token and the ID token generated by SecureAuth.

    token_issued.png

Note

For information on granting and managing SecureAuth consents, see Consents.

In this section: