OneLogin

In this document you will set up IDmelon as an external (trusted) identity provider for OneLogin.

Log in to the OneLogin administration panel


  • Log in to OneLogin.
  • Open the OneLogin dashboard.
  • On the right side of the navbar, click Administration.


Add Identity Provider


  • Open the Authentication tab, then click Trusted IdPs.
  • Click New Trust.


  • Enter a custom name for the trust on the left side of the page.
  • Check Enable Trusted IDP. Enabling the trust requires certificate validation, so the Trusted IdP certificate configured further down must be in place before logins through IDmelon will work.
  • Check Show in Login panel and choose Custom logo.
  • IDmelon Logo Domain :


Get the values for all {..} placeholders from your IDmelon panel. If you are currently logged in here, you will see your actual values in their place.

  • Issuer: idp_issuer_uri
  • Email Domains: used to invoke this Trusted IdP automatically when a user enters their email address at login. If the address is not recognized but belongs to one of the listed domains, this Trusted IdP is invoked via an authentication request (SAML, OIDC or OAuth, as appropriate). Example: idmelon.com


  • Check Sign users into OneLogin to enable Standard mode. This allows inbound identities from the Identity Provider to be matched to local user accounts within the tenant, via responses to the /access/idp endpoint.
  • Check Send Subject Name ID or Login Hint in Auth Request to send the user identity within the authentication request sent to the Trusted IdP. With SAML the identifier is sent as the Subject NameID; with OIDC or OAuth it is sent as a query string parameter called login_hint. This spares the user from having to provide an identifier to both OneLogin and the Trusted IdP.
  • User Attribute: SAML is hard-coded to extract the SAML Subject NameID. This cannot be changed.
  • User Attribute Mapping: Email


Get the values for all {..} placeholders from your IDmelon panel. If you are currently logged in here, you will see your actual values in their place.

  • IdP Login URL: idp_single_sign_on_url
  • IdP Logout URL: idp_single_sign_on_url
  • IdP Issuer URI: idp_issuer_uri

Note: save the configuration, then scroll down to continue with the certificate part.

IDmelon SAML configuration


Copy the values of the following fields from the OneLogin panel to the IDmelon panel:

  • Entity ID: copy the SP Entity ID
  • Single Logout: copy the SP Logout URL
  • Assertion Consumer Service URL: https://{your custom subdomain}.onelogin.com/access/idp
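The following Python is an added example, not IDmelon or OneLogin code. It sketches what OneLogin has to check on a SAML Response arriving at /access/idp, using the values exchanged in the steps above: the Destination must be this tenant's ACS URL, both Issuer elements must equal the IdP Issuer URI, the Audience must be the SP Entity ID, and the user identifier is the Subject NameID (which OneLogin is hard-coded to use, mapped to Email here). The issuer URI, SP Entity ID and subdomain are assumed placeholders, and the sample response is constructed. Signature verification, which OneLogin performs against the uploaded Trusted IdP certificate, needs XML-DSig support outside the standard library and is not shown.

```python
"""Inspect a SAML Response against the values exchanged in the steps above.

Added example, not IDmelon or OneLogin code. Checks Destination, Issuer and
Audience against the configured trust and extracts the Subject NameID.
Signature verification (done by OneLogin against the Trusted IdP
certificate) is not part of this example.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Assumed values standing in for the placeholders in the panels above.
IDP_ISSUER_URI = "https://idp.example.com/saml/idmelon"       # idp_issuer_uri (assumed)
SP_ENTITY_ID = "https://example.onelogin.com/saml/metadata"   # SP Entity ID (assumed)
ACS_URL = "https://example.onelogin.com/access/idp"           # {your custom subdomain} = example
EMAIL_DOMAINS = {"idmelon.com"}                               # Email Domains field

# Constructed sample; a real response is signed and arrives base64-encoded
# in the SAMLResponse form field.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" Destination="{ACS_URL}">
  <saml:Issuer>{IDP_ISSUER_URI}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>{IDP_ISSUER_URI}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@idmelon.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


class SamlCheckError(ValueError):
    """Raised when the response does not match the configured trust."""


def inspect_response(xml_text, issuer=IDP_ISSUER_URI, sp_entity_id=SP_ENTITY_ID,
                     acs_url=ACS_URL, email_domains=EMAIL_DOMAINS):
    """Validate the trust-related fields and return the NameID with routing info."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise SamlCheckError("not a samlp:Response")
    # A response addressed to another SP's ACS must not be accepted here.
    if root.get("Destination") != acs_url:
        raise SamlCheckError(f"Destination {root.get('Destination')!r} is not {acs_url!r}")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SamlCheckError("no Assertion in response")
    # Both Issuer elements must name the IdP configured as IdP Issuer URI.
    issuers = {root.findtext("saml:Issuer", namespaces=NS),
               assertion.findtext("saml:Issuer", namespaces=NS)}
    if issuers != {issuer}:
        raise SamlCheckError(f"Issuer mismatch: {sorted(map(str, issuers))}")
    # The assertion must be intended for this SP Entity ID.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if sp_entity_id not in audiences:
        raise SamlCheckError(f"Audience {audiences} does not include {sp_entity_id!r}")
    # OneLogin reads the Subject NameID; with User Attribute Mapping = Email it must be an address.
    name_id = assertion.findtext("saml:Subject/saml:NameID", namespaces=NS) or ""
    if "@" not in name_id:
        raise SamlCheckError(f"NameID {name_id!r} is not an email address")
    domain = name_id.rsplit("@", 1)[1].lower()
    return {
        "name_id": name_id,
        "domain": domain,
        # The Email Domains field routes unrecognized users from these domains to this IdP.
        "in_email_domains": domain in {d.lower() for d in email_domains},
    }


def rejects(xml_text, **kwargs):
    """True if inspect_response refuses the document (for negative checks)."""
    try:
        inspect_response(xml_text, **kwargs)
    except (SamlCheckError, ET.ParseError):
        return True
    return False


if __name__ == "__main__":
    print(inspect_response(SAMPLE_RESPONSE))
    print("rejects foreign ACS:", rejects(SAMPLE_RESPONSE, acs_url="https://other.onelogin.com/access/idp"))
```

A mismatch in any of these fields is the usual reason a freshly configured trust fails with an unhelpful error, so comparing the values in the two panels against a captured response is a quicker diagnosis than re-clicking through the settings.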


  • Choose X.509 Certificate: Standard Strength Certificate (2048-bit)
  • Click View Details
  • Choose SHA256
  • Download the X.509 Certificate


  • Click on Save.
  • Trusted IdP Certificate: idp_certificate_download_url. This is the IDmelon signing certificate; OneLogin validates the signature on each incoming SAML assertion against it, so the trust does not work until it is uploaded.
  • JIT: Enable, and check Set User TIDP after user creation.
  • Click on Save.

Enable SSO


  • Click More Actions, then click Set as default Trusted IdP.
  • This option activates SSO through IDmelon for all users.


  • Or enable SSO for specific users only:
  • Click the user, then click Authentication.
  • Choose the custom Trusted IDP.


  • Click on Save.

API Token


Get an API token for user provisioning in OneLogin

  • Click Developers, then API Credentials.
  • Click New Credential.


  • Choose a custom name.
  • Choose Manage all. This is the broadest OneLogin API scope, so treat the resulting Client Secret as a highly privileged credential and store it only where the integration needs it.


  • Save.

  • Copy the Client ID.

  • Copy Client Secret.


  • Done.
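The exchange that the credential created above is used for, as an added Python example that is not part of the IDmelon or OneLogin documentation. It assumes the tenant subdomain "example" and placeholder Client ID and Client Secret; the HTTP transport is a stub returning a constructed token response so the code runs offline. The endpoint and header shapes follow OneLogin's documented API v2 client_credentials flow (Client ID and Client Secret as HTTP Basic credentials against /auth/oauth2/v2/token), and the Users lookup is the v2 Users API filtered by email.

```python
"""Exchange the API credential created above for a OneLogin access token.

Added example, not IDmelon or OneLogin code. Shows the client_credentials
grant against OneLogin's API v2 token endpoint, parses the token response,
builds the bearer-authenticated Users API call a provisioning integration
makes next, and redacts credentials before anything is logged. No network
call is made: the transport below is a stub returning a constructed response.
"""
import base64
import json
import time
from urllib.parse import quote

TOKEN_PATH = "/auth/oauth2/v2/token"


def token_request(subdomain, client_id, client_secret):
    """Describe the POST that trades Client ID/Secret for an access token.

    The secret travels only in the Authorization header, never in the URL,
    so it does not end up in proxy or access logs.
    """
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": f"https://{subdomain}.onelogin.com{TOKEN_PATH}",
        "headers": {
            "Authorization": f"Basic {basic}",
            "Content-Type": "application/json",
        },
        "body": json.dumps({"grant_type": "client_credentials"}),
    }


def parse_token_response(status, body, now=None):
    """Return the bearer token and an absolute expiry with a 60 s safety margin."""
    if status != 200:
        raise RuntimeError(f"token endpoint returned HTTP {status}")
    data = json.loads(body)
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise RuntimeError("unexpected token response shape")
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "expires_at": now + int(data["expires_in"]) - 60,
    }


def users_request(subdomain, access_token, email):
    """The call provisioning code makes with the token: look up a user by email."""
    return {
        "method": "GET",
        "url": f"https://{subdomain}.onelogin.com/api/2/users?email={quote(email)}",
        "headers": {"Authorization": f"Bearer {access_token}"},
    }


def redact(req):
    """Copy of a request that is safe to log: the credential header is masked."""
    safe = {**req, "headers": dict(req["headers"])}
    auth = safe["headers"].get("Authorization")
    if auth:
        safe["headers"]["Authorization"] = auth.split(" ", 1)[0] + " ***"
    return safe


def stub_transport(req):
    """Constructed stand-in for HTTP; a real transport would use urllib or requests."""
    if req["url"].endswith(TOKEN_PATH) and req["headers"]["Authorization"].startswith("Basic "):
        return 200, json.dumps({"access_token": "tok_constructed",
                                "token_type": "bearer", "expires_in": 36000})
    return 401, json.dumps({"message": "Unauthorized"})


def get_token(subdomain, client_id, client_secret, transport=stub_transport):
    """Run the exchange through the given transport and return the parsed token."""
    req = token_request(subdomain, client_id, client_secret)
    print("request:", redact(req))          # safe to log; the secret is masked
    status, body = transport(req)
    return parse_token_response(status, body)


if __name__ == "__main__":
    tok = get_token("example", "client-id-from-panel", "client-secret-from-panel")
    print("users call:", redact(users_request("example", tok["access_token"], "alice@idmelon.com")))
```

Swapping stub_transport for a real HTTP client turns this into a quick check that the Client ID and Client Secret copied into IDmelon actually authenticate, without pasting the secret into a shell history.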