How-tos

2 mins read

Set up OneLogin for Authentication

Instructions on configuring Cloudentity with OneLogin as an identity provider using the SAML federation

Prerequisites

  • Cloudentity access/account
  • OneLogin access/account

Configure OneLogin

  1. Cre­ate a new SAML application in One­L­o­gin amin por­tal by selecting Add App.

  2. In the Find Application view, select SAML Test Connector (Advanced).

  3. Save your new application.

  4. Select SSO from the sidebar and copy/save the SAML 2.0 endpoint URL (required in step 5 of Configure Cloudentity).

Configure Cloudentity

  1. Log in to the Cloudentity admin portal.

  2. Switch to the workspace that you want to integrate with OneLogin.

  3. Add a SAML Identity Provider on the Cloudentity side.

  4. Enter the copied SAML 2.0 endpoint URL as Sign in URL and select Save.

    Note

    Check step 3 of Configure OneLogin for the relevant URL.

Enable Trust

Trust be­tween One­L­o­gin and Cloudentity

To establish the trust be­tween One­L­o­gin and Cloudentity, you need to con­fig­ure the SAML X509 certificate used for the verification of the SAML assertion.

  1. Go to OneLogin > Security > Certificates.

  2. Select Standard Strength Certificate (2048-bit) and down­load it in the X.509 PEM fro­mat.

  3. Go to Cloudentity and paste the val­ue of the certificate un­der IDP certificate in the SAML IDP configuration view.

  4. Set Name ID for­mat as emailAd­dress.

  5. Save the SAML IDP con­figuration.

    Result

    The entity issuer attribute is generated for your IDP.

  6. Copy the val­ue of the entity issuer at­tribute from the SAML IDP view.

  7. Go to OneLogin and navigate to the Configuration view of your SAML application. Enter the copied val­ue of entity issuer at­tribute into the Audience (EntityID) field. Select Save.

  8. Navigate to the Parameters view and configure at least one assertion pa­ra­me­ter on top of NameID val­ue.

    Note

    It is required to avoid empty SAML assertions, which are not supported by Cloudentity.

Check If It Works

  1. Open the user portal.

  2. Select LOGIN TO DEMO APP.

  3. Select your configured OneLogin IDP and, next, authenticate in OneLogin.

Result

Cloudentity displays the consent page that lists data scopes to be shared with the application. When you proceed to the application (ALLOW ACCESS), the PII data coming from IDP is delivered through the access token and the ID token generated by Cloudentity.

Read more

For information on granting and managing Cloudentity consents, see Cloudentity OAuth consents.

Updated: Jul 11, 2022