Connect OneLogin
Learn how to configure a connection to OneLogin via SAML
Introduction
Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.
To create an OneLogin SAML Connection, you'll need four pieces of information: an ACS URL, an Identity Provider Issuer URL (also known as an Entity ID), an Identity Provider SAML 2.0 Endpoint, and an X.509 Certificate.
WorkOS provides the ACS URL. It's readily available in your Connection's Settings in the Developer Dashboard.
The ACS URL is the location an Identity Provider redirects its authentication response to. In OneLogin's case, it needs to be set by the Enterprise when configuring your application in their OneLogin instance.
And then, you provide the Identity Provider Issuer URL (Entity ID), Identity Provider SAML 2.0 Endpoint, as well as the X.509 Certificate.
Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's SAML 2.0 configuration in their OneLogin admin dashboard. But, should that not be the case during your setup, here's how to obtain them.
3
Select "Configuration" from the left-hand navigation:
- Enter your ACS URL Validator e.g. ^https:\/\/auth\.workos\.com\/sso\/saml\/acs\/wz5SpShhRIcSEyMM$
- Enter your ACS URL e.g. https://auth.workos.com/sso/saml/acs/wz5SpShhRIcSEyMM
- Enter your application's login URL
- Select "Service Provider" from the "SAML Initiator" dropdown menu
- Select "Assertion" from the " SAML Signature Element" dropdown menu
5
Select "SSO" from the left-hand navigation.
Copy and Paste the "Issuer URL" and "SAML 2.0 Endpoint" into the corresponding Connection fields in your WorkOS Developer Dashboard. Then select "View details" underneath the X.509 Certificate section. After, select "X.509 PEM" from the dropdown menu and click "Download" to retrieve your certificate.