Learn how to configure a connection to OneLogin via SAML
Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.
To create an OneLogin SAML Connection, you'll need four pieces of information: an ACS URL, an Identity Provider Issuer URL (also known as an Entity ID), an Identity Provider SAML 2.0 Endpoint, and an X.509 Certificate.
WorkOS provides the ACS URL. It's readily available in your Connection's Settings in the Developer Dashboard.
The ACS URL is the location an Identity Provider redirects its authentication response to. In OneLogin's case, it needs to be set by the Enterprise when configuring your application in their OneLogin instance.
Configuring One Login
And then, you provide the Identity Provider Issuer URL (Entity ID), Identity Provider SAML 2.0 Endpoint, as well as the X.509 Certificate.
Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's SAML 2.0 configuration in their OneLogin admin dashboard. But, should that not be the case during your setup, here's how to obtain them.
Log in to the OneLogin admin dashboard and select "Applications" in the navigation bar.
2Select your application
Select your application from the list of applications.
Select "Configuration" from the left-hand navigation:
- Enter your ACS URL Validator e.g. ^https:\/\/auth\.workos\.com\/sso\/saml\/acs\/wz5SpShhRIcSEyMM$
- Enter your ACS URL e.g. https://auth.workos.com/sso/saml/acs/wz5SpShhRIcSEyMM
- Enter your application's login URL
- Select "Service Provider" from the "SAML Initiator" dropdown menu
- Select "Assertion" from the " SAML Signature Element" dropdown menu
4Set up attribute mapping parameters
Select "Parameters" from the left-hand navigation and add the following field-value parameter pairs:
- email -> Email
- firstName -> First Name
- lastName -> Last Name
- id -> UUID
Check the "Include in SAML assertion" flag for each pair.
5Obtain Identify Provider Details
Select "SSO" from the left-hand navigation.
Copy and Paste the "Issuer URL" and "SAML 2.0 Endpoint" into the corresponding Connection fields in your WorkOS Developer Dashboard. Then select "View details" underneath the X.509 Certificate section. After, select "X.509 PEM" from the dropdown menu and click "Download" to retrieve your certificate.
Finally, upload the X.509 Certificate in your WorkOS Connection Settings. Your Connection will then be linked and good to go!