In order to use OneLogin as an Identity Provider, we need to set up a new application. To do so, navigate to the OneLogin administration, hover over Applications in the navigation bar, and click on Applications:
Click on the Add App button:
In the list of applications, search for "saml" and click on the item SAML Test Connector (IdP w/ attr w/ sign response):
Choose a descriptive name for your application and click the Save button:
You need to add the OneLogin domain for your organisation to the CORS whitelist as well.
Now, we have to copy and paste some values from our OneLogin application into the Exivity instance Single Sign-on settings. In OneLogin, click on the SSO tab:
In a separate browser tab, open the Exivity SAML setting (See SAML configuration) and copy over the following settings:
Exivity configuration value
SAML 2.0 Endpoint (HTTP)
SLO Endpoint (HTTP)
Now, let's set up the OneLogin certificate in Exivity. Under the label X.509 Certificate, click the View Details link. Copy the X.509 Certificate and paste it in the X-509 certificate field in the Exivity settings.
As the last step, copy and paste this JSON object in the Advanced settings in the Exivity settings:
Now you're ready to use OneLogin as a SAML Identity Provider. Enable Single Sign-On in Exivity by navigating to Administration,Settings and then click on the System tab. Make sure the Single Sign-On option is set to an option including SAML2 Authentication:
OneLogin is now configured and enabled, and you can now use it to log in to your Exivity instance. The login screen will look something like this:
And by clicking on the Login button, you'll be taken to the OneLogin login screen. Exivity will receive the users e-mail address and create a new user in the configured user group (see configuration) if no existing user is found.