OneLogin
Step 1: Configuring OneLogin
Complete the following steps to configure OneLogin as the Identity Provider.
After logging in to OneLogin, set up Deploy under APPLICATIONS.
 
1. In the search field, type in SAML Test Connector.
2. Select SAML Test Connector (IDP w/ Attr w/ Sign Response).
3. Assign a Display Name and click Save.
4. On the left pane, click SSO.
5. At the top right, click More Actions > SAML Metadata to download the IdP Metadata.
6. After you have downloaded the IdP Metadata, go to Deploy and complete Step 2: SAML Settings in Deploy to obtain the Service Provider Configuration information.
7. After you have configured Deploy and generated the Service Provider Configuration, click Configuration on the left pane.
8. Fill in the Audience field using the Deploy Audience URI.
9. Fill in the Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL fields using the Deploy Assertion Consumer URL, then click Save.
10. On the left pane, click SSO.
11. Under SAML Signature Algorithm, select SHA-256 or SHA-512.
Currently, only SHA-256 and SHA-512 SAML signature algorithms are supported.
12. Click SAVE.
OneLogin setup is now completed.
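An added example, not part of the original page or of OneLogin or Deploy: a Python check that a SAML response captured from a test login carries the Audience, Recipient and signature algorithm configured in steps 8 to 11. The deploy.example.com URLs, the sample response and the choice of RSA algorithm URIs are constructed assumptions; substitute the values shown in your Service Provider Configuration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# RSA URIs (assumed) for the SHA-256 and SHA-512 algorithms the page lists.
ALLOWED_SIG = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
               "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"}

# Constructed sample: trimmed response, placeholder URLs, no real signature value.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="https://deploy.example.com/saml/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://deploy.example.com/saml/other</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, audience_uri, acs_url):
    """Return mismatches between a SAML response and the SP configuration.
    Compares declared values only; it does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    algs = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    if not algs:
        problems.append("no signature present")
    problems += [f"unsupported signature algorithm: {a}" for a in algs
                 if a not in ALLOWED_SIG]
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience_uri not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    recipients = [r.get("Recipient")
                  for r in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"recipient mismatch: {recipients}")
    return problems


if __name__ == "__main__":
    for problem in check_response(SAMPLE, "https://deploy.example.com/saml/metadata",
                                  "https://deploy.example.com/saml/acs"):
        print(problem)
```

The constructed sample reports two findings: a SHA-1 signature algorithm and an Audience that does not match the configured Audience URI.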
Step 2: SAML Settings in Deploy
Complete the following steps to configure Deploy SAML settings for SAML integration:
 
1. Go to User Management.
2. Click SAML.
3. Create a Login Domain. This will be your organization identifier when logging on to Deploy using SAML.
4. Service Provider Configuration – The Service Provider Configuration displays the assigned Audience URI, SAML Login URL and Assertion Consumer URL.
You will need the Audience URI and Assertion Consumer URL to complete the setup in the Identity Provider portals.
5. Identity Provider Configuration.
> Upload – To upload the IdP metadata, click UPLOAD and select the IdP Metadata (.xml) file that you have downloaded. All other fields will be automatically populated.
> Manual setup
i. Enter the information for the IdP Login URL and Entity ID.
ii. Click Upload and select the IdP Certificate file.
6. Advanced Options
> User Role for Just-in-Time Provisioned Users – Select the permission rights for Just-in-Time Provisioned users.
> Attribute Mapping
The Attribute Mapping tab contains information mapped from the IdP metadata. You can choose to use the generated information as is or edit the fields by clicking the edit icon.
When editing the email, first name, and last name fields, fill in the details using the format user.email, user.firstname, user.lastname.
You can assign a specific identifier by selecting the Use Custom Attribute Instead of NameID For Uniquely Identifying A User checkbox and editing the information on the Custom Attribute field.
7. Click Save after you have finished editing.
Step 3: Assigning Access to Deploy Through OneLogin (IdP-initiated login)
OneLogin users must be assigned access to Deploy before they can access Deploy through OneLogin.
To assign access to a user:
 
1. Go to Users and select a user.
2. On the Users page, click Applications on the left pane.
3. Click the + icon on the top right of the Applications tab.
4. Select the app from the drop-down list and click Continue.
5. Edit the app login details for the selected user and click Save.
The user can now access Deploy through OneLogin.
To perform IdP-initiated access, log in to your OneLogin company portal. Click on the Deploy app. You will be redirected to Deploy.
Add SAML User
SAML Users are created or assigned in OneLogin. See Step 3: Assigning Access to Deploy Through OneLogin (IdP-initiated login).
SAML users have the ability to perform the following actions:
 
Edit
Disable
Delete
Tag