Configuring ACP with OneLogin as an identity provider using the SAML federation
Instructions on configuring ACP with OneLogin as an identity provider using the SAML federation
Prerequisites
- ACP access/account
- OneLogin access/account
Configure OneLogin
- Create a new SAML application in the OneLogin admin portal by selecting Add App.
- In the Find Application view, select SAML Test Connector (Advanced).
- Save your new application.
- Select SSO from the sidebar and copy/save the SAML 2.0 endpoint URL (required in step 5 of Configure ACP).
Configure ACP
- Log in to the ACP admin portal.
- Switch to the workspace that you want to integrate with OneLogin.
- Select Identities from the sidebar.
- Add a new identity by selecting CREATE IDENTITY.
- Select SAML as a new provider and confirm by clicking Next.
- Enter the copied SAML 2.0 endpoint URL as Sign in URL and select Save.
Note
Check step 3 of Configure OneLogin for the relevant URL.
Enable the trust
Trust between OneLogin and ACP
To establish the trust between OneLogin and ACP, you need to configure the SAML X509 certificate used for the verification of the SAML assertion.
- Go to OneLogin > Security > Certificates.
- Select Standard Strength Certificate (2048-bit) and download it in the X.509 PEM format.
- Go to ACP and paste the value of the certificate under IDP certificate in the SAML IDP configuration view.
- Set Name ID format as emailAddress.
- Save the SAML IDP configuration.
Result
The entity issuer attribute gets generated for your IDP.
- Copy the value of the entity issuer attribute from the SAML IDP view.
- Go to OneLogin and navigate to the Configuration view of your SAML application. Enter the copied value of the entity issuer attribute into the Audience (EntityID) field. Select Save.
- Navigate to the Parameters view and configure at least one assertion parameter on top of the NameID value.
Note
This is required to avoid empty SAML assertions, which are not supported by ACP.
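When a login fails after these steps, the usual causes are a mismatch in one of the three settings above: the Audience (EntityID), the Name ID format, or a missing assertion parameter. The following Python script is an added troubleshooting example, not part of the ACP or OneLogin documentation; it checks a decoded assertion for those three conditions. The function name `check_assertion`, the entity issuer URL and the sample assertion are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_assertion(xml_text, expected_audience):
    """Return a list of configuration problems found in a decoded assertion.

    Structural check only: it does NOT verify the XML signature, so it is a
    troubleshooting aid and never a substitute for the validation ACP does.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # Audience must equal the entity issuer copied from the ACP SAML IDP view.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"Audience {audiences} does not contain the entity issuer")

    # Name ID format was set to emailAddress on the ACP side.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID Format is {name_id.get('Format')!r}, not emailAddress")

    # At least one parameter besides NameID, otherwise the assertion is empty.
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", NS)
    if not attrs:
        problems.append("no attributes besides NameID (empty assertion)")
    return problems

# Constructed sample; the entity issuer value is a placeholder.
ENTITY_ISSUER = "https://acp.example.com/placeholder-entity-issuer"
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{ENTITY_ISSUER}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, ENTITY_ISSUER) or "assertion matches the configuration")
```

Treat any assertion captured from a real login as sensitive, since it contains user identifiers.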
Check if it works
- Navigate to the Demo application or User portal of your workspace.
- Attempt to log in.
- If you have more than one IDP configured, select OneLogin as the IDP that you want to authenticate with.
Expected result
You are redirected to OneLogin for authentication.