SSO - OneLogin
The following documentation describes how to setup OneLogin as your digital workplace’s IdP.
Configure SSO within OneLogin
OneLogins’s article Getting Started with OneLogin gives a background on OneLogin.
1. Navigate to the Apps section of your OneLogin account and click Add App
2. Add the “Igloo Branded Domain” App
Search for “Igloo” and select the option “Igloo Branded Domain”. Click save to add this app.
3. Enter your digital workplace domain
Navigate to the Configuration tab and enter your digital workplace domain.
4. Verify parameters
Navigate to the Parameters tab and record the names being used for Email, First Name, Last Name, and NameID. The Igloo Branded Domain Field names will be used when configuring the Igloo side of setup. If these values do not exist, create them.
5. Record SSO details
Navigate to the SSO tab and record the X.509 certificate value, SAML 2.0 Endpoint, and Issuer URL. These values will be used when configuring the Igloo side of setup.
Configure SSO within Igloo
The remaining steps of this process will take place in your digital workplace.
6. Open the Control Panel
The Control Panel can be found by selecting the cog in the upper right-hand corner of the screen.
7. Select your Sign in Settings
From your Control Panel, select Sign in Settings located underneath the Membership heading.
8. Select configure SAML Authentication
At the bottom of the Sign in Settings options, there is a link Configure SAML Authentication, select it.
9. General configuration
- Connection Name: This value will appear on the SAML button.
- IdP Login URL: Copy the URL associated with the SAML 2.0 Endpoint found in step 5.
- IdP Logout URL: Copy the URL associated with the SLO Endpoint (HTTP) found in step 5.
- Logout Response and Request HTTP Type: Select Post.
- Logout Final Redirect URL: Navigate users to this URL when they logout.
- Binding Type: Select Post.
- Public Certificate: Copy the contents of the X.509 Certificate found in step 5.
10. Response and Authentication Configuration
- Identity Provider: Select OneLogin.
- Identifier Type: Select Email Address.
- Email Attribute: Enter the value that matches the OneLogin Email value. By default, this will be: Email. Refer to step 4 for locating these attributes.
- First Name Attribute: Enter the value that matches the OneLogin First Name Value. By default, this will be: First Name. Refer to step 4 for locating these attributes.
- Last Name Attribute: Enter the value that matches the OneLogin Last Name. By default, this will be: Last Name. Refer to step 4 for locating these attributes.
- Drift Time (In Seconds): Leave at its default value. This number can be increased if the authentication process is timing out.
11. User creation on Sign in
For most use cases it is recommended that the option “Do not create new users when they sign in (Users not in manage members will be denied access)” is selected. This results in your SSO being used for only Authentication, and it will not attempt to provision new users.
12. Sign in Settings
Select “Redirect all users to IdP” if you would like users to be automatically redirected to your IdP’s login page when they navigate to your digital workplace without being signed in. “Use SAML button on “Sign in” screen” to use the Igloo Authentication page with an added button to navigate to your IdP’s sign in page.
13. Save your Igloo SAML settings and test logging in with them
Click Save to apply these settings. In a private browsing tab attempt to log into your digital workplace.