SAML SSO - OneLogin
Last updated
Last updated
Here's how you can set up SAML SSO with OneLogin.
Go to your workspace SSO settings and select the SAML SSO option as the authentication method.
Keep this screen open, we'll need it later.
Open a new tab and go to OneLogin to create a new SAML Test Connector (IdP w/ attr w/ sign response) app.
In the configuration, screen change the display name to Tability and save.
Go to the configuration section of your OneLogin app, and copy the values from your workspace SSO settings in Tability.
Audience: copy the value of the SP Entity ID (https://api.tability.app/auth/saml/metadata/<workspace>)
Recipient: copy the value of the SP Consumer URL (https://api.tability.app/auth/saml/consume/<workspace>)
ACS (Consumer) URL Validator: copy the value of the SP Consumer URL (https://api.tability.app/auth/saml/consume/<workspace>)
ACS (Consumer) URL: copy the value of the SP Consumer URL (https://api.tability.app/auth/saml/consume/<workspace>)
Save the settings
Go to the SSO section of your OneLogin application and click on View Details to see the content of the certificate.
Copy the content of the certificate including the BEGIN CERTIFICATE and END CERTIFICATE to the IDP certificate field in Tability.
Copy the SAML 2.0 Endpoint (HTTP) URL from OneLogin, and paste it into the IDP SSO URL field in Tability.
Click on update to save the settings.
Once SAML is activated, it will be the only authentication method for your workspace. Make sure that your admin account in Tability is associated with a user in your OneLogin, otherwise, you might lose access to your workspace settings.
To finalize the integration you need to sign in once via SAML SSO to validate your configuration.
Click on the Log in via SSO button to sign in.
Once you're logged in you should see a confirmation message at the top of your screen saying that "SAML SSO is enabled for all users."