SSO and Provisioning Setup with OneLogin

Table of Contents

Create a new app for Simpplr in your OneLogin environment

Add OneLogin as an SSO source to Simpplr

Set up OneLogin as a provisioning source

Note:

A Simpplr App manager who also has admin permissions for OneLogin will need to configure the SSO.

Create a new app for Simpplr in your OneLogin environment

  1. Log in to the OneLogin portal using your admin credentials.

  2. Navigate to the Administration area.

  3. Open Applications from the top navigation bar.

  4. Select Create New App, then search for SAML Custom Connector (Advanced).

  5. Here you'll have the option to add a custom app name, attach logo assets and a description as per your org's requirement.

  6. To set up the service initiated SAML flow:

    1. Add an ACS (Consumer) URL / Login URL / ACS (Consumer) URL Validator -
      Simpplr Internal App - https://<subdomain-api.app.simpplr.com>/v1/identity/accounts/login/saml
      Example - https://google-sso-4-api.dev.zeus.simpplr.xyz/v1/identity/accounts/login/saml

      Custom Domain - https://api.<domain>/v1/identity/accounts/login/saml
      Example - https://api.atshub.atszambia.com/v1/identity/accounts/login/saml

    2. Select OneLogin as the SAML initiator from the SAML initiator dropdown.

    3. Add an Audience (EntityID). This is optional and can be anything.
      Reference docs :-

      Recommended: OneLogin-${Client-Name}-Simpplr

  7. To set up the Identity Provider initiated flow:

    1. Configure Relay State:
      Base 64 encode - {"callback_url":"https://<account-domain>/home","v":"OL"}
      Example - {"callback_url":"https://google-sso-4.dev.zeus.simpplr.xyz/home","v":"OL"}
      Use - to convert the above attached string to Base64 and then paste under Relay State on OneLogin

  8. Once finished, click Save to update all the settings.

  9. Under the Parameters tab in the left panel, configure the mandatory parameters required for just-in-time provisioning.

    • There are four mandatory attributes used for provisioning:

      1. first_name

      2. last_name

      3. email

      4. username
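The Relay State value from step 7 can be generated and verified locally rather than with an online converter. This is an added example, not code from Simpplr or OneLogin; the function names are hypothetical, and the sample domain is the one from the article's own example.

```python
import base64
import json
from urllib.parse import urlsplit


def build_relay_state(account_domain: str) -> str:
    """Return the Base64 Relay State for https://<account-domain>/home."""
    # Reject anything that is not a bare hostname (scheme, path, port, userinfo).
    parts = urlsplit(f"https://{account_domain}/home")
    if parts.hostname != account_domain.lower() or parts.path != "/home":
        raise ValueError(f"not a bare hostname: {account_domain!r}")
    payload = {"callback_url": f"https://{account_domain}/home", "v": "OL"}
    # Compact separators reproduce the exact string format shown in step 7.
    raw = json.dumps(payload, separators=(",", ":"))
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def check_relay_state(encoded: str, expected_domain: str) -> dict:
    """Decode a Relay State value and confirm it points at the expected tenant."""
    data = json.loads(base64.b64decode(encoded, validate=True))
    url = urlsplit(data["callback_url"])
    if url.scheme != "https" or url.hostname != expected_domain.lower():
        raise ValueError(f"unexpected callback_url: {data['callback_url']}")
    if data.get("v") != "OL":
        raise ValueError("v must be 'OL'")
    return data


if __name__ == "__main__":
    domain = "google-sso-4.dev.zeus.simpplr.xyz"  # example domain from the article
    value = build_relay_state(domain)
    print(value)                                  # paste this under Relay State
    print(check_relay_state(value, domain))       # decoded view for review
```

Running check_relay_state on the value already saved in OneLogin is a quick way to confirm that the callback URL still points at the intended tenant.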

Add OneLogin as an SSO source to Simpplr

  1. Open Simpplr as an App manager. Head to Manage > Application > Security > External IdP (SSO).
  2. Select OneLogin.
  3. Enter your org's OneLogin URL retrieved from your OneLogin portal. To get this:
    • Go to the OneLogin portal using your admin credentials
    • Click on Administration > Applications > Select Applications
    • Search for the SAML app (for example, Simpplr - Dev)
    • Click the SAML app
    • On the left side, click the SSO tab
    • Copy the SAML 2.0 Endpoint (HTTP) URL
  4. Back in Simpplr, paste this URL in the OneLogin URL field.

  5. Head back to OneLogin and select SHA-256 from the SAML Signature Algorithm dropdown list.

  6. Under SSO > X.509 Certificate, click on View Details and download the PEM file.
  7. Go back to Simpplr and upload the PEM file certificate.
  8. Click Save.

Set up OneLogin as your provisioning source in Simpplr

  1. In Simpplr, head to Manage > Application > Integrations > People data.

  2. Select OneLogin > Provisioning.

  3. Click Save. Simpplr then provides you with a OneLogin link and token. This token is only visible once: if the page is refreshed or exited, the token will not be displayed again. If a new token is required, uncheck the OneLogin provisioning box, select it again, then save. This creates a new token and invalidates the old one, so don't forget to update the token in any older applications on OneLogin that use it (OneLogin applications are explained later).

  4. Log in to OneLogin. You will need administrator access to complete the next steps.

  5. In the top right corner, click Administration.

  6. To create a new application:

    1. From the Main menu, select Applications, then choose Add App.

    2. Search for SCIM.

    3. Select SCIM Provisioner with SAML (SCIM v2 Enterprise) and click Save.

  7. Configure the SCIM App:

    1. Select the Configuration tab.

    2. Suppose the base URL of the tenant is https://ats-reg-testing.qa.simpplr.xyz/. In that case, enter simpplr.xyz in SAML Audience URL and qa.simpplr.xyz in SAML Consumer URL.

  8. In the SCIM Base URL, enter the OneLogin URL you got in step 3.

  9. In SCIM JSON Template, copy and paste:
    {
      "schemas": [
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
      ],
      "externalId": "{$user.id}",
      "userName": "{$parameters.scimusername}",
      "name": {
        "familyName": "{$user.lastname}",
        "givenName": "{$user.firstname}"
      },
      "emails": [
        {
          "value": "{$user.email}",
          "type": "work",
          "primary": true
        }
      ],
      "displayName": "{$user.display_name}",
      "locale": "{$user.locale_code}",
      "phoneNumbers": [
        {
          "value": "{$user.phone}"
        }
      ],
      "roles": "{$user.custom_fields.Roles}",
      "active": "{$user.status}"
    }

  10. In SCIM Bearer Token, paste the token you got from Simpplr in step 3 above.

  11. In the API Status select Enable.

  12. Select Save.

  13. Configure provisioning for the SCIM App:

    1. Select the Provisioning tab.

    2. Check Enable Provisioning.

    3. Under Require admin approval before this action, uncheck the Create, Delete, and Update checkboxes to have OneLogin provision new users and update users to the SCIM app without requiring administrative approval.

    4. Select Save.

  14. Test user provisioning with your SCIM app.

    1. Select the Access tab.

    2. In the Roles section, ensure Default is checked.

    3. Select Save.

    4. From the main menu, select Users.

    5. Select the user to provision to the SCIM app.

    6. Select the Applications tab for the user.

    7. In the Roles section, select Default.

    8. Select Save User to start the provisioning process.

  15. View provisioning status:

    1. From the main menu, select Users > Provisioning.

    2. Refresh the page to view the updates.

    3. Go to Applications and open the SCIM app.

    4. Select the Users tab to see provisioned users.

  16. To disconnect OneLogin SCIM, follow these steps:

    1. Go to Simpplr. Click on Manage > Application > Integrations > People data.

    2. Uncheck OneLogin and the provisioning option.

    3. Click Save.

    4. Log in to OneLogin.

    5. Click Administration from the main menu and then click on Applications > App name.

    6. Select the Provisioning tab and uncheck Enable provisioning in the Workflow section.

    7. Click Save.
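
Before pasting the SCIM JSON Template from step 9 into OneLogin, it can be checked for copy-paste damage and for the OneLogin fields it depends on. This is an added example, not Simpplr or OneLogin code; lint_template is a hypothetical name, and reading {$parameters.x} as an app parameter and {$user.custom_fields.x} as a custom user field is an assumption based on the macro names.

```python
import json
import re

# SCIM JSON Template from step 9, condensed onto fewer lines (same keys and macros).
TEMPLATE = """{
 "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
             "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
 "externalId": "{$user.id}", "userName": "{$parameters.scimusername}",
 "name": {"familyName": "{$user.lastname}", "givenName": "{$user.firstname}"},
 "emails": [{"value": "{$user.email}", "type": "work", "primary": true}],
 "displayName": "{$user.display_name}", "locale": "{$user.locale_code}",
 "phoneNumbers": [{"value": "{$user.phone}"}],
 "roles": "{$user.custom_fields.Roles}", "active": "{$user.status}"
}"""

MACRO = re.compile(r"\{\$([A-Za-z0-9_.]+)\}")
CORE_USER = "urn:ietf:params:scim:schemas:core:2.0:User"


def lint_template(text: str) -> dict:
    """Parse a pasted template; report problems and the OneLogin fields it needs."""
    if any(q in text for q in "\u201c\u201d\u2018\u2019"):
        raise ValueError("curly quotes found: re-copy the template as plain text")
    doc = json.loads(text)  # JSONDecodeError (a ValueError) on malformed JSON
    problems = []
    if CORE_USER not in doc.get("schemas", []):
        problems.append("schemas is missing the core User URN")
    if not doc.get("userName"):
        problems.append("userName is missing (required for a SCIM User, RFC 7643)")
    macros = sorted(set(MACRO.findall(text)))
    custom = [m for m in macros if m.startswith("user.custom_fields.")]
    params = [m for m in macros if m.startswith("parameters.")]
    return {
        "problems": problems,
        # Built-in user attributes referenced by the template.
        "user_fields": [m[5:] for m in macros
                        if m.startswith("user.") and m not in custom],
        # Assumption: these must exist as custom user fields in OneLogin.
        "custom_fields": [m.split(".", 2)[2] for m in custom],
        # Assumption: these must be defined on the app's Parameters tab.
        "app_parameters": [m.split(".", 1)[1] for m in params],
    }


if __name__ == "__main__":
    print(json.dumps(lint_template(TEMPLATE), indent=2))
```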
