How to integrate Exivity with OneLogin
- In order to use OneLogin as an Identity Provider, we need to set up a new application. To do so, navigate to the OneLogin administration, hover over Applications in the navigation bar, and click on Applications:
-a4e362494782f80692f009875c8c6727.png)
- Click on the Add App button:
-a4264fbafbd2c28e1bc67b94ab9cd5d3.png)
- In the list of applications, search for "saml" and click on the item SAML Test Connector (IdP w/ attr w/ sign response):
-e1ff9455d5c5c586971a45ece9f392f7.png)
- Choose a descriptive name for your application and click the Save button:
-9b9b6df9d52dca3faad170ab92070a89.png)
- Click the Configuration tab:
-7e925408f8daee543deaad3a52b35f88.png)
- Refer to the endpoints section in the Single Sign On article how to obtain the endpoints values. Fill in these fields:
| Field | Value |
|---|---|
| Audience | Entity ID / Metadata URL endpoint |
| Recipient | Assertion Consumer Service endpoint |
| ACS (Consumer) URL Validator | .* (or specify a custom RegEx) |
| ACS (Consumer) URL | Assertion Consumer Service endpoint |
| Single Logout URL | Single Logout Service endpoint |
caution
You need to add the OneLogin domain for your organisation to the CORS whitelist as well.
- Now, we have to copy and paste some values from our OneLogin application into the Exivity instance Single Sign-on settings. In OneLogin, click on the SSO tab:
-301037a8d98329524820787533eb51bf.png)
- In a separate browser tab, open the Exivity SAML setting (See SAML configuration) and copy over the following settings:
| Exivity configuration value | OneLogin field |
|---|---|
| Entity ID | Issuer URL |
| SSO URL | SAML 2.0 Endpoint (HTTP) |
| SLO URL | SLO Endpoint (HTTP) |
- Now, let's set up the OneLogin certificate in Exivity. Under the label X.509 Certificate, click the View Details link. Copy the X.509 Certificate and paste it in the X-509 certificate field in the Exivity settings.
-a340ee3b77ae97ce52c911a98e566e99.png)
- As the last step, copy and paste this JSON object in the Advanced settings in the Exivity settings:
{
"security": {
"wantXMLValidation": false
}
}
- Now you're ready to use OneLogin as a SAML Identity Provider. Enable Single Sign-On in Exivity by navigating to Administration, Settings and then click on the System tab. Make sure the Single Sign-On option is set to an option including SAML2 Authentication:
-33f082f3e17c05ad1ee31407e16b20e0.png)
- OneLogin is now configured and enabled, and you can now use it to log in to your Exivity instance. The login screen will look something like this:
- And by clicking on the Login button, you'll be taken to the OneLogin login screen. Exivity will receive the users e-mail address and create a new user in the configured user group (see configuration) if no existing user is found.