This article contains instructions to get you started setting up a single sign-on between OneLogin and Cloud Academy or QA. When you set up this integration, you use OneLogin to authenticate and manage your Cloud Academy or QA users. This feature is available to enterprise accounts.
Setting Up Single Sign-on with OneLogin
Use these steps to set up SSO with Okta:
- In OneLogin, add a SAML Custom Connector (Advanced) app.
- In the app in OneLogin, make sure the attributes on the Parameters tab are defined as follows:Important: The NameID (fka Email) value must be a unique value that you know will not change. Make sure the Include in SAML assertion box is checked for each parameter.
You will need these values from your OneLogin metadata:
Tip: You can download the metadata from the More Actions menu on this screen.
- On the SSO screen in Cloud Academy/QA, enter the information from the new SAML application in the General Settings section.
- In the SAML attributes mapping section, add the following values:
- In the Security Settings section, select the Authentication Requests Signed checkbox. If you want your users to log in through SSO only, select the Set SSO enforcement checkbox.
- Click Save and Test.
Information appears that you need to add to the SAML custom connector app you created in OneLogin earlier. You need to copy the following values:
- Post-back URL
- Entity ID
- Logout Service URL
- Return to OneLogin and open the app you created. Add the following information to the Configuration tab and save.
Audience (EntityID) Entity ID ACS (Consumer) URL Validator Post-back URL ACS (Consumer) URL Post-back URL Single Logout URL Logout Service URL SAML initiator Service Provider SAML nameID Persistent
Testing Single Sign-on with OneLogin
Test your connection by going to your subdomain URL. If you log in successfully using SSO, mark the set-up as complete on the SSO screen in CloudAcademy/QA.
Click Complete Setup.
If you are not able to log in successfully, and you have checked your configuration, contact firstname.lastname@example.org.
Please sign in to leave a comment.