SAML SSO Setup with OneLogin

Table of Contents

Create a new app for Simpplr in your OneLogin environment

Add OneLogin as an SSO source to Simpplr

Add Simpplr information to Okta

Create a new app for Simpplr in your OneLogin environment

1. Log in to the OneLogin portal using your admin credentials.

2. Navigate to the Administration area.
   

3. Open Applications from the top navigation bar.
   

4. Select Create New App, then search for SAML Custom Connector (Advanced).
   

5. Here you'll have the option to add a custom app name, attach logo assets and a description as per your org's requirement. Name the app anything you'd like, as long as you remember it. We recommend going with 'Simpplr Intranet' or something simple.

6. To get your org's OneLogin SAML details:

   • Search for the SAML app (for example, Simpplr - Intranet).
   • Click the SAML app.
   • On the left side, Click the SSO tab.
   • Copy the SAML 2.0 Endpoint (HTTP) URL.
   • Copy the Issuer URL as well.
     
7. Select SHA-256 from the SAML Signature Algorithm dropdown list.
8. Under SSO > X.509 Certificate, click on View Details and download the PEM file.
   

Add OneLogin as an SSO source to Simpplr

1. Open Simpplr as an app manager. Head to Manage > Application > Security > External IdP (SSO).
2. Select Add > OneLogin.
   
3. Provide the details required for SSO integration:
   • Name: This is the display name for the SSO integration, visible on the page. Choose a clear and descriptive name that distinguishes it from other SSO options. 
   • Sign in text: This text displays on the login page.You can provide any custom text.
   • Login URL: Enter the SAML 2.0 Endpoint (HTTP) received from OneLogin SSO SAML app.
   • Identity provider (IdP) entity ID: Enter the Issuer URL received from OneLogin SAML app.
   • Certificate: Upload the PEM file certificate.
   • Select a login identifier: Select at least one login identifier that users will use to log into Simpplr application. Choose any of the available identifiers supported by OneLogin.
   • Enable SSO provisioning if you want users to be provisioned via OneLogin. This is an optional step.
     
     
4. Click Add. The integration is complete in Simpplr. You will get the configuration details, which you'll need to complete the integration in OneLogin.
   

Configure SAML SSO in OneLogin with Simpplr Information

Back in OneLogin, as the admin user:

1. Go to the Configuration tab from the left panel, and enter the below details:
   • Enter the ACS URL - Copy the ‘ACS URL’ received from configuration details in Simpplr and paste it in the ACS (Consumer) URL Validator*/ACS (Consumer) URL*/Login URL URL fields in OneLogin SAML app
   • Enter the Audience(Entity ID) - Copy the ‘Service Provider entity ID’ received from configuration details in Simpplr and paste it in the Audience(Entity ID) field in OneLogin SAML app
   • Enter the RelayState - Copy the ‘Relay state’ received from configuration details in Simpplr and paste it in the RelayState field in OneLogin SAML app
     
2. Once finished, click Save to update all the settings.
3. Under the Parameters tab in the left panel, configure mandatory parameters required for just in time provisioning. There are four mandatory attributes used for provisioning:
   1. first_name
   2. last_name
   3. email
   4. username