Version: Config V2

OneLogin Identity Provider

Connect ConfigCat with OneLogin via SAML.

Introduction

Each SSO Identity Provider requires specific information to configure a SAML integration. The following guide will walk you through how you can connect ConfigCat with OneLogin as a SAML Identity Provider.

1. Create an Application in OneLogin

Log in to OneLogin, and select Applications.
Click on Add App.
Type SAML into the search bar, and select SAML Custom Connector (Advanced).
Enter a descriptive Display Name, then click Save.

The next step will guide you on how to collect the information required for the appearing Configuration page.

2. Configure SAML for the OneLogin Application

Open your organization's authentication settings on the ConfigCat Dashboard.
Click ADD SAML IDENTITY PROVIDER.
Give a name for your Identity Provider, and click Create.
From the next section of the dialog, copy the following values and paste them into the OneLogin application's configuration page.
- Copy Entity ID and paste it into the Audience (EntityID) field.
- Copy Assertion Consumer Service and paste it into the ACS (Consumer) URL field.
- Paste the same Assertion Consumer Service into the ACS (Consumer) URL Validator field in regex format e.g. ^https:\/\/dashboard\-api\.configcat\.com\/saml\/acs\/08db93fc\-c4e7\-441f\-834f\-17c804385c29$
Scroll down a bit on this page and configure the following:
- Select OneLogin as SAML Initiator.
- Select Email as SAML nameID format.
- Select Both as SAML signature element.
Select Parameters, and make sure there is a NameID value entry under the SAML Custom Connector (Advanced) Field with the value Email.
Select SSO, then select SHA-256 as SAML Signature Algorithm.

3. Configure ConfigCat with SAML Details from OneLogin

You can choose one of the following options to configure ConfigCat with SAML Identity Provider metadata.

Metadata URL
Manual Configuration

Select SSO, and copy the value of Issuer URL.
Paste the copied value into the Metadata URL field at ConfigCat.
Select the trusted domains. Only user accounts from trusted domains can login with SAML SSO. You can bind multiple verified domains to a SAML Identity Provider.
Click on Save.

Select SSO, and copy the value of SAML 2.0 Endpoint (HTTP), then click View Details under the X.509 Certificate.
Copy the value of the X.509 Certificate.
Paste the value of the SAML 2.0 Endpoint (HTTP) and the X.509 Certificate into the Configuration dialog at ConfigCat
Select the trusted domains. Only user accounts from trusted domains can login with SAML SSO. You can bind multiple verified domains to a SAML Identity Provider.
Click on Save.

4. Assign the OneLogin Application to Users

To let users authenticate via SAML, you need to assign the newly created application to them.

Select Users.
Select the user you want to get access to the application.
Select Applications, then click on the + sign.
Select your application, then click Continue.
Click Save.

Go to the ConfigCat Log In page, and click COMPANY ACCOUNT - SAML.
Sign in with your company email address assigned to the OneLogin application.
ConfigCat will redirect you to OneLogin's sign in page. Type your credentials, and click Continue.
You should be redirected to ConfigCat signed in with your company account.