Configuring ACP with OneLogin as an identity provider using the SAML federation

Instructions on configuring ACP with OneLogin as an identity provider using the SAML federation

Prerequisites

  • ACP access/account
  • OneLogin access/account

Configure OneLogin

  1. Create a new SAML application in the OneLogin admin portal by selecting Add App.

  2. In the Find Application view, select SAML Test Connector (Advanced).

  3. Save your new application.

  4. Select SSO from the sidebar and copy/save the SAML 2.0 endpoint URL (required in step 5 of Configure ACP).

Configure ACP

  1. Log in to the ACP admin portal.

  2. Switch to the workspace that you want to integrate with OneLogin.

  3. Select Identities from the sidebar.

  4. Add a new identity by selecting CREATE IDENTITY.

  5. Select SAML as a new provider and confirm by clicking Next.

  6. Enter the copied SAML 2.0 endpoint URL as Sign in URL and select Save.

    Note

    Check step 3 of Configure OneLogin for the relevant URL.

Enable the trust

Trust between OneLogin and ACP

To establish the trust between OneLogin and ACP, you need to configure the SAML X509 certificate used for the verification of the SAML assertion.

  1. Go to OneLogin > Security > Certificates.

  2. Select Standard Strength Certificate (2048-bit) and download it in the X.509 PEM format.

  3. Go to ACP and paste the value of the certificate under IDP certificate in the SAML IDP configuration view.

  4. Set Name ID format as emailAddress.

  5. Save the SAML IDP configuration.

    Result

    The entity issuer attribute gets generated for your IDP.

  6. Copy the value of the entity issuer attribute from the SAML IDP view.

  7. Go to OneLogin and navigate to the Configuration view of your SAML application. Enter the copied value of the entity issuer attribute into the Audience (EntityID) field. Select Save.

  8. Navigate to the Parameters view and configure at least one assertion parameter in addition to the NameID value.

    Note

    This is required to avoid empty SAML assertions, which are not supported by ACP.

Check if it works

  1. Navigate to the Demo application or the User portal of your workspace.

  2. Attempt to log in.

  3. If you have more than one IDP configured, select OneLogin as the IDP that you want to authenticate with.

Expected result

You are redirected to OneLogin for authentication.
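
Added example (not part of the original instructions, and not ACP or OneLogin code): if the login fails after the redirect, this Python check runs over the base64 SAMLResponse value captured from a test login and reports mismatches with steps 4, 7 and 8 of Enable the trust. The sample response and the entity issuer URL are constructed, the function names are hypothetical, and the check does not verify the assertion's signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_saml_response(b64_response, entity_issuer):
    """List configuration problems in a base64-encoded SAMLResponse.
    Troubleshooting aid for your own test login: no signature verification."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element in the response"]
    problems = []
    # Step 4: Name ID format must be emailAddress.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is %r, expected emailAddress" % (name_id.get("Format"),))
    # Step 7: Audience (EntityID) must equal the entity issuer copied from ACP.
    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if entity_issuer not in audiences:
        problems.append("Audience %r does not include the entity issuer" % (audiences,))
    # Step 8: at least one parameter besides NameID must carry a value.
    values = assertion.findall("saml:AttributeStatement/saml:Attribute/saml:AttributeValue", NS)
    if not any((v.text or "").strip() for v in values):
        problems.append("no assertion parameter with a value besides NameID")
    return problems

def build_sample(audience, name_format=EMAIL_FORMAT, with_attribute=True):
    """Constructed sample response, not captured from OneLogin or ACP."""
    attr = ('<saml:AttributeStatement><saml:Attribute Name="email">'
            '<saml:AttributeValue>user@example.com</saml:AttributeValue>'
            '</saml:Attribute></saml:AttributeStatement>') if with_attribute else ""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><saml:Assertion>'
           '<saml:Subject><saml:NameID Format="%s">user@example.com</saml:NameID>'
           '</saml:Subject><saml:Conditions><saml:AudienceRestriction>'
           '<saml:Audience>%s</saml:Audience></saml:AudienceRestriction>'
           '</saml:Conditions>%s</saml:Assertion></samlp:Response>'
           % (NS["samlp"], NS["saml"], name_format, audience, attr))
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    issuer = "https://acp.example.com/constructed-entity-issuer"  # placeholder
    print(check_saml_response(build_sample(issuer), issuer))
    print(check_saml_response(build_sample("https://other.example.com", with_attribute=False), issuer))
```

An empty list means the three settings line up; each string in a non-empty list names the step to revisit.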