OneLogin

In this document you are going to set up IDmelon as an external IdP for OneLogin.

Login to OneLogin administration panel


Login to OneLogin.

Open OneLogin dashboard.

On the right side of the navbar, click Administration.

Add Identity Provider


Click on the Authentication tab, then click Trusted IdPs.

Click on New Trust.

Choose a custom name on the left side of the page.

Enable Trusted IDP. Certificate validation is required for this option.

Enable Show in Login panel and choose Custom logo.

IDmelon Logo Domain :

Get all values for {..} from your IDmelon panel.
If you are currently logged in here, you will see the replaced values instead.

Issuer : idp_issuer_uri

Email Domains : The Email Domains field is used to automatically invoke this Trusted IdP when a user enters their email address at login time. If the email address is unrecognized but belongs to one of the listed domains, this TIdP is invoked via an authentication request (SAML, OIDC or OAuth, as appropriate). Example = idmelon.com

To enable Standard mode, check Sign users into OneLogin. This allows inbound identities from the Identity Provider to be matched to local user accounts within the tenant via responses to the /access/idp endpoint.

To send the user identity within the authentication request sent to the Trusted Identity Provider, check Send Subject Name ID or Login Hint in Auth Request. If the Trusted IdP is configured to use SAML, the identity is sent as a Subject NameID element of the authentication request; if OIDC or OAuth is used, the same information is sent as a query string parameter called login_hint. This feature improves the user experience by avoiding the need for the user to provide an identifier to both OneLogin and the Trusted IdP.

Sign users into OneLogin

Send Subject Name ID or Login Hint in Auth Request

SAML - hard-coded to extract the SAML Subject NameID. It can't be changed.
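The routing and identity-passing behaviour described above, as an added illustration that is not code from this page, from IDmelon or from OneLogin: a small model of the Email Domains rule (a recognized address stays local, an unrecognized address in a listed domain is routed to the Trusted IdP) and of the two ways the identity travels to the IdP, as a SAML Subject NameID or as an OIDC/OAuth login_hint query parameter. The TrustedIdp fields, the function names, the URLs and the email addresses are all this example's own constructed values, not OneLogin identifiers.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces for the AuthnRequest and its Subject/NameID element.
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


@dataclass(frozen=True)
class TrustedIdp:
    """Subset of a Trusted IdP record. Field names are this example's own (hypothetical)."""
    name: str
    protocol: str                       # "SAML" or "OIDC"/"OAuth"
    login_url: str                      # IdP Login URL (SAML) or authorization endpoint (OIDC)
    email_domains: tuple                # domains that auto-invoke this TIdP
    send_subject_or_hint: bool = True   # the "Send Subject Name ID or Login Hint" checkbox


def select_trusted_idp(email, local_users, trusted_idps):
    """Email Domains rule: a recognized address is handled locally (returns None);
    an unrecognized address whose domain is listed routes to that TIdP."""
    email = email.strip().lower()
    if email in local_users:
        return None
    _, at, domain = email.rpartition("@")
    if not at or not domain:
        return None
    for tidp in trusted_idps:
        if domain in tidp.email_domains:
            return tidp
    return None


def build_auth_request(tidp, email, request_id="_constructed-req-1"):
    """Outbound request to the TIdP: SAML carries the identity as a Subject NameID
    inside the AuthnRequest, OIDC/OAuth carries it as the login_hint query parameter."""
    if tidp.protocol == "SAML":
        ET.register_namespace("samlp", SAMLP_NS)
        ET.register_namespace("saml", SAML_NS)
        root = ET.Element(f"{{{SAMLP_NS}}}AuthnRequest",
                          {"ID": request_id, "Version": "2.0", "Destination": tidp.login_url})
        if tidp.send_subject_or_hint:
            subject = ET.SubElement(root, f"{{{SAML_NS}}}Subject")
            name_id = ET.SubElement(subject, f"{{{SAML_NS}}}NameID", {"Format": EMAIL_FORMAT})
            name_id.text = email
        return ET.tostring(root, encoding="unicode")
    if tidp.protocol in ("OIDC", "OAuth"):
        params = {"response_type": "code", "scope": "openid email", "state": request_id}
        if tidp.send_subject_or_hint:
            params["login_hint"] = email
        return f"{tidp.login_url}?{urlencode(params)}"
    raise ValueError(f"unsupported protocol: {tidp.protocol}")


def extract_identity(tidp, request):
    """What the TIdP reads back: the Subject NameID text for SAML (the page notes this
    is hard-coded) or the login_hint query value for OIDC/OAuth; None when absent."""
    if tidp.protocol == "SAML":
        node = ET.fromstring(request).find(f"{{{SAML_NS}}}Subject/{{{SAML_NS}}}NameID")
        return node.text if node is not None else None
    return parse_qs(urlparse(request).query).get("login_hint", [None])[0]


if __name__ == "__main__":
    # Constructed sample data: one SAML TIdP listed for idmelon.com, one local user.
    idmelon = TrustedIdp("IDmelon", "SAML", "https://idp.example.test/sso", ("idmelon.com",))
    chosen = select_trusted_idp("alice@idmelon.com", {"bob@idmelon.com"}, [idmelon])
    req = build_auth_request(chosen, "alice@idmelon.com")
    print(req)
    print("identity seen by IdP:", extract_identity(chosen, req))
```

With the checkbox cleared (send_subject_or_hint=False) the request carries no identity at all, which is exactly the case where the user must type an identifier a second time at the IdP.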

User Attribute Mapping : Email

Get all values for {..} from your IDmelon panel.
If you are currently logged in here, you will see the replaced values instead.

IdP Login URL : idp_single_sign_on_url

IdP Logout URL : idp_single_sign_on_url

IdP Issuer URI : idp_issuer_uri

Note : please save the configuration, then scroll down to continue with the certificate part.

IDmelon SAML configuration


You should copy the values of the fields below from the Okta panel to the IDmelon panel:

Entity ID : copy the SP Entity ID.

Single Logout : copy the SP logout URL.

Assertion Consumer Service URL : https://{your custom subdomain}.onelogin.com/access/idp

Choose : X.509 Certificate = Standard Strength Certificate (2048-bit)

Click on View Details

Choose : SHA256

Download : X.509 Certificate

Click on Save

Trusted IdP Certificate : idp_certificate_download_url

JIT : check Enable and Set User TIDP after user creation.

Click on Save.

Enable SSO


Click on More Actions, then click Set as default Trusted IdP.

This option will activate SSO for all users.

Or, enable SSO only for specific users:

Click on the specific user, then click Authentication.

Choose the custom Trusted IdP.

Click on Save.

API Token


Get an API token for user provisioning in OneLogin.

Click on Developers, then API Credentials.

Click on New Credential.

Choose a custom name.

Click on Manage all.

Click on Save.

Copy the Client ID.

Copy the Client Secret.

Done.