OneLogin | SAML

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This value can be changed later.

2. Prepare IDP

In this step, we will configure OneLogin to work with Kantega SSO. For this, you will need to copy the Reply URL provided. You will use this when setting up OneLogin.

Configure OneLogin

external

If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.

Sign in to the OneLogin Admin Console, navigate to Applications > Add App, and search for Kantega SSO.

Give the application a name and save.

Go to the Configuration tab for your app and paste the Reply URL aquired from the Kantega SSO wizard into the ACS (Consumer) URL field. Then update the regular expression in the ACS (Consumer) URL Validator to match the above value.

In the Access tab, you can specify which roles should have access to the application. You can also give access to only certain users.

Save your changes, open the More actions dropdown and copy the SAML Metadata url. This will be needed in the next step of the Kantega SSO wizard.

 

Go back to the Kantega SSO wizard.

3. Metadata

Paste the SAML Metadata URL from the previous step into the Metadata XML file published online (URL).

4. Redirect URL

he Redirect URL should be imported automatically from the metadata document. If this does not happen, you will be prompted to upload a certificate. This can be found under the SSO tab in OneLogin.

5. Certificate

This step shows the certificate used to validate the SAML messages.

6. Summary

Check that everything looks good and submit your setup

Test

Test that logging in with One Login works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.