SAML2
How does SSO work? SSO works based upon a trust relationship set up between an application, known as the service provider, and an identity provider, like OneLogin. ... In SSO, this identity data takes the form of tokens that contain identifying bits of information about the user like a user's email address or a username.
How to set up a SAML2-compatible identity provider...
XML Set Up
- Log in to Identity Provider (One Login)
- Go to "Applications"
- Click on "Add App"
- Search for "SAML"
- Select "SAML Test Connector (Advanced) 2.0"
- Insert a display name
- Click Save
- Log into CMS
- Select App
- Click on "Settings"
- Click on "Authentication"
- Click on "Add Provider"
- Fill in "Provider Name"
- Return to the One Login IDP and copy the Metadata URL by clicking on more actions and right-clicking
- Copy the link into the CMS field "Metadata URL"
- Insert a name into the "Unique User I.D" field (for example, NameId)
- Click Save in CMS
- Click on "View Configuration"
- Copy the "Relay State URL" into the Configuration TAB in One Login
- Copy the "Audience" into the Configuration TAB in One Login
- Copy the "Recipient" into the Configuration TAB in One Login
- Click Save in One Login
- Click on the "Parameters" TAB in One Login
Field Mapping
- Click the Add + Icon
- Type in the "Field Name"
- Tick the "Include SAML assertion" box
- Click Save
- Link up the Field Name with the appropriate Value
- Click Save
- Return to CMS
- Click on "Edit Provider"
- Scroll down and click on "Add Field Mapping"
- Enter each field mapping and click "Save"
- Click Save
Adding a User to the App through One Login
- Click on "Users", then "New Users"
- Fill in the new user's details
- Click "Save User"
- Click on "Applications" on the side panel on the screen
- Click "Add Application"
- Select the App you wish to grant the user permission to
- Click "Continue"
- Click "Save"
Logging into Front End
- Open up Front End of App
- Click on "Sign In"
- Enter your credentials
- At this point, if any more User information is required, a screen will appear for the user to fill it in (for example, first name); otherwise, you will receive a "Success Screen" before FE loads up
- As this is the first time the User will have logged in, they will receive the company privacy message to accept or decline
- The user is now logged into the App
Manual Set Up
- Log in to Identity Provider (One Login)
- Go to "Applications"
- Click on "Add App"
- Search for "SAML"
- Select "SAML Test Connector (Advanced) 2.0"
- Insert a display name
- Click Save
- Log into CMS
- Select App
- Click on "Settings"
- Click on "Authentication"
- Click on "Add Provider"
- Check the "Manual Set Up" option
- Fill in "Provider Name"
- Return to "One Login" and select the SSO TAB
- Copy the "Certificate" into the required field in CMS
- Copy the "Issuer URL" into the "Entity I.D" in CMS
- Copy the "SAML2 Endpoint" into the "URL" field in CMS
- Fill in the "Unique User I.D Field" in CMS
- Click "Save" in CMS
**Copy the Field Mapping steps from Above**
**Repeat Adding a New User to the App through One Login steps from Above**
**Repeat the Logging into Front End steps from Above**
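The three values copied by hand in Manual Set Up are the same ones an identity provider publishes in its SAML metadata document. As an added example (not part of the original guide, the CMS or One Login), this script reads IdP metadata and returns those values with a SHA-256 fingerprint of the signing certificate, so the pasted certificate can be compared against the one shown in the IdP. The mapping of metadata elements to the CMS field names, the choice of the HTTP-Redirect binding, and the sample document are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumption: the CMS "URL" field takes the HTTP-Redirect SSO endpoint.
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def manual_setup_fields(metadata_xml):
    """Extract the Manual Set Up values from IdP metadata, plus a cert fingerprint."""
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("SAML metadata must not carry a DTD or entity declarations")
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or idp is None:
        raise ValueError("not SAML 2.0 identity provider metadata")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' attribute: key serves both purposes
            node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if node is not None and node.text:
                certs.append("".join(node.text.split()))  # drop PEM-style line wraps
    if len(certs) != 1:  # the form has one Certificate field; do not guess during rollover
        raise ValueError("expected exactly one signing certificate, found %d" % len(certs))
    sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT and s.get("Location")]
    if not sso or not sso[0].startswith("https://"):
        raise ValueError("no HTTPS HTTP-Redirect SingleSignOnService endpoint")
    der = base64.b64decode(certs[0], validate=True)
    return {"Entity I.D": root.get("entityID"), "URL": sso[0], "Certificate": certs[0],
            "SHA-256 fingerprint": hashlib.sha256(der).hexdigest()}

# Constructed sample: placeholder host and placeholder bytes, not a real certificate.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/saml/metadata/0000">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="%s"
        Location="https://idp.example.test/trust/saml2/http-redirect/sso/0000"/>
  </IDPSSODescriptor>
</EntityDescriptor>""" % (SAMPLE_CERT, REDIRECT)

if __name__ == "__main__":
    for name, value in manual_setup_fields(SAMPLE).items():
        print(name, "=", value)
```

The script refuses metadata that offers only a plain-HTTP endpoint or more than one signing certificate, since either case needs a decision by the person filling in the form.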
Branding the Login Page with SSO...
The Front End Login page can be branded with unique text and/or with a logo through CMS.
- Log into CMS
- Select App
- Click on "Settings"
- Click on "Authentication"
- Click on "Edit"
- Click on the "Display TAB"
- Upload the image you wish to add to the login page
- Type the text you would like to appear (for example, "Please log in")
- Click Save