Skip to main content

Set Up OneLogin for Authentication

Learn how to configure OneLogin and SecureAuth to enable your users to sign in using OneLogin IDP and SAML.

Prerequisites

  • SecureAuth access/account
  • OneLogin access/account

Configure OneLogin

  1. Create a new SAML application in OneLogin admin portal by selecting Add App.

    OneLogin admin portal showing Add App button in the Applications menu

  2. In the Find Application view, select SAML Test Connector (Advanced).

    OneLogin Find Application search showing SAML Test Connector (Advanced) option

  3. Save your new application.

    OneLogin application configuration page with Save button highlighted

  4. Select SSO from the sidebar and copy/save the SAML 2.0 endpoint URL.

    OneLogin SSO tab displaying SAML 2.0 endpoint URL field

Configure SecureAuth

  1. Log in to the SecureAuth admin portal.

  2. Switch to the workspace that you want to integrate with OneLogin.

  3. Add a SAML Identity Provider on the SecureAuth side.

  4. Enter the copied SAML 2.0 endpoint URL as Sign in URL and select Save.

note

Check step 4 of Configure OneLogin for the relevant URL.

Enable Trust

To establish the trust between OneLogin and SecureAuth, you need to configure the SAML X509 certificate used for the verification of the SAML assertion.

  1. Go to OneLogin > Security > Certificates.

    OneLogin Security menu with Certificates section highlighted

  2. Select Standard Strength Certificate (2048-bit) and download it in the X.509 PEM format.

    OneLogin certificate download page showing Standard Strength Certificate (2048-bit) in X.509 PEM format

  3. Go to SecureAuth and paste the value of the certificate under IDP certificate in the SAML IDP configuration view.

  4. Set Name ID format as emailAddress.

  5. Save the SAML IDP configuration.

  6. Copy the value of the entity issuer attribute from the SAML IDP view.

  7. Go to OneLogin and navigate to the Configuration view of your SAML application. Enter the copied value of entity issuer attribute into the Audience (EntityID) field. Select Save.

    OneLogin Configuration view showing Audience (EntityID) field for entering SecureAuth entity issuer

  8. Navigate to the Parameters view and configure at least one assertion parameter on top of NameID value.

    OneLogin Parameters view for configuring SAML assertion parameters

note

It is required to configure at least one assertion parameter to successfully complete the authentication flow.

Verify the Configuration

  1. Open the SecureAuth user portal.

  2. Select LOGIN TO DEMO APP.

  3. Choose OneLogin IDP from the list of available identity providers.

  4. Authenticate using your OneLogin credentials.

  5. Review the consent page for data sharing between OneLogin and SecureAuth.

    SecureAuth consent page displaying data sharing permissions between OneLogin and SecureAuth

After successful authentication, you should be redirected back to SecureAuth.