OneLogin
In this document you are going to set up IDmelon
as an external IdP to the OneLogin
.
Login to OneLogin administration panel
Login to OneLogin.
Open OneLogin dashboard.
on the rightside of navbar Click onAdministration

Add Identity Provider
Tab then click on Trusted idps
colick on New Trust

Choose a custom name at the left side of page
Enable Trusted IDP, for this action certificate validation is necessary
Enable Show in Login panel, Choose Custom logo
IDmelon Logo Domain :

Get all values for {..} from your IDmelon panel.
If you are currently login here, you will see the replaced values instead.
Issuer : Show in Login panel, idp_issuer_uri
Email Domains : The Email Domains field is used to automatically invoke this Trusted IdP when a user enters their email address at login time - if the email address is unrecognized, but belongs to one of the domains listed, then this TIdP will be invoked via an authentication request (SAML, OIDC or OAuth as appropriate), Example = idmelon.com

To enable Standard mode, check Sign users into OneLogin. This allows inbound identities from the Identity Provider to be matched to local user accounts within the tenant, via responses to the /access/idp endpoint.
To send the user identity within the authentication request sent to the Trusted Identity Provider, check Send Subject Name ID or Login Hint in Auth Request: if the Trusted IdP is configured to use SAML, then the authentication request is sent as a Subject NameID parameter whilst if OIDC or OAuth is used, the same information is sent as a query string parameter called login\_hint. This feature is to provide an improved user experience by avoiding the need for the user to provide an identifier to both OneLogin and the Trusted IdP.
Sign users into OneLogin
Send Subject Name ID or Login Hint in Auth Request
SAML - hard-coded to extract the SAML Subject NameID. It can't be changed.
User Attribute Mapping : Email

Get all values for {..} from your IDmelon panel.
If you are currently login here, you will see the replaced values instead.
IdP Login URL : idp_single_sign_on_url
IdP Logout URL : idp_single_sign_on_url
IdP Issuer URI idp_issuer_uri
Note : please save the configuration then scroll it to continue with certificate part.
IDmelon SAML configuration
You should copy values of below fields from the Okta panel to the IDmelon Panel:
entity id: Copy SP Entity ID
single log out: Copy SP logout url
Assertion Consumer Service URL : https://{your custom subdomain}.onelogin.com/access/idp

Choose : X.509 Certificate = Standard Strength Certificate (2048-bit)
Choose : X.509 Certificate = Standard Strength Certificate (2048-bit)
Click on View Details
Choose : SHA256
Download : X.509 Certificate

Click on Save
Trusted IdP Certificate :idp_certificate_download_url
JIT : Enable, Set User TIDP after user creation

Enable
Set User TIDP after user creation
Click on Save.
Enable SSO
Click on More Actions then Click on Set as default Trusted Idp.
this option will activate sso forall users..

OR Enable sso for special users.
Click on specialuser then Click on Authentication.
Choose Custom Trusted IDP.

Click on Save.
API Token
GET API Token for user provisioning in OneLogin
Click on Developers then API Credentials.
Click on New Credential .

Choose Custom Name.
Click on Manage all.

Save.
Custom name API Copy Client ID
Copy Client Secret.

Done.