Sign in

Connect OneLogin

Learn how to configure a connection to OneLogin via SAML


Each SSO Identity Provider requires specific information to create and configure a new Connection. Often, the information required to create a Connection will differ by Identity Provider.

To create an OneLogin SAML Connection, you'll need four pieces of information: an ACS URL, an Identity Provider Issuer URL (also known as an Entity ID), an Identity Provider SAML 2.0 Endpoint, and an X.509 Certificate.

WorkOS ProvidesLink

WorkOS provides the ACS URL. It's readily available in your Connection's Settings in the Developer Dashboard.

The ACS URL is the location an Identity Provider redirects its authentication response to. In OneLogin's case, it needs to be set by the Enterprise when configuring your application in their OneLogin instance.


And then, you provide the Identity Provider Issuer URL (Entity ID), Identity Provider SAML 2.0 Endpoint, as well as the X.509 Certificate.

Normally, this information will come from your Enterprise customer's IT Management team when they set up your application's SAML 2.0 configuration in their OneLogin admin dashboard. But, should that not be the case during your setup, here's how to obtain them.

Log inLink

Log in to the OneLogin admin dashboard and select "Applications" in the navigation bar.

Select your applicationLink

Select your application from the list of applications.

Configure applicationLink

Select "Configuration" from the left-hand navigation:

  • Enter your ACS URL Validator e.g. ^https:\/\/auth\.workos\.com\/sso\/saml\/acs\/wz5SpShhRIcSEyMM$
  • Enter your ACS URL e.g.
  • Enter your application's login URL
  • Select "Service Provider" from the "SAML Initiator" dropdown menu
  • Select "Assertion" from the " SAML Signature Element" dropdown menu

Set up attribute mapping parametersLink

Select "Parameters" from the left-hand navigation and add the following field-value parameter pairs:

  • email -> Email
  • firstName -> First Name
  • lastName -> Last Name
  • id -> UUID

Check the "Include in SAML assertion" flag for each pair.

Obtain Identity Provider DetailsLink

Select "SSO" from the left-hand navigation.

Copy and Paste the "Issuer URL" and "SAML 2.0 Endpoint" into the corresponding Connection fields in your WorkOS Developer Dashboard. Then select "View details" underneath the X.509 Certificate section. After, select "X.509 PEM" from the dropdown menu and click "Download" to retrieve your certificate.

Upload CertificateLink

Finally, upload the X.509 Certificate in your WorkOS Connection Settings. Your Connection will then be linked and good to go!