How to integrate Exivity with OneLogin
- In order to use OneLogin as an Identity Provider, we need to set up a new application. To do so, navigate to the OneLogin administration, hover over Applications in the navigation bar, and click on Applications:
- Click on the Add App button:
- In the list of applications, search for "saml" and click on the item SAML Test Connector (IdP w/ attr w/ sign response):
- Choose a descriptive name for your application and click the Save button:
- Click the Configuration tab:
- Refer to the endpoints section in the Single Sign On article for how to obtain the endpoint values. Fill in these fields:
| OneLogin field | Exivity endpoint |
|---|---|
| Audience | Entity ID / Metadata URL endpoint |
| Recipient | Assertion Consumer Service endpoint |
| ACS (Consumer) URL Validator | |
| ACS (Consumer) URL | Assertion Consumer Service endpoint |
| Single Logout URL | Single Logout Service endpoint |
You need to add the OneLogin domain for your organisation to the CORS whitelist as well.
- Now, we have to copy and paste some values from our OneLogin application into the Exivity instance Single Sign-on settings. In OneLogin, click on the SSO tab:
- In a separate browser tab, open the Exivity SAML settings (see SAML configuration) and copy over the following settings:

| Exivity configuration value | OneLogin field |
|---|---|
| Entity ID | Issuer URL |
| SSO URL | SAML 2.0 Endpoint (HTTP) |
| SLO URL | SLO Endpoint (HTTP) |
- Now, let's set up the OneLogin certificate in Exivity. Under the label X.509 Certificate, click the View Details link. Copy the X.509 Certificate and paste it in the X-509 certificate field in the Exivity settings.
- As the last step, copy and paste this JSON object in the Advanced settings in the Exivity settings:
- Now you're ready to use OneLogin as a SAML Identity Provider. Enable Single Sign-On in Exivity by navigating to Administration, Settings and then clicking on the System tab. Make sure the Single Sign-On option is set to an option including SAML2 Authentication:
- OneLogin is now configured and enabled, and you can now use it to log in to your Exivity instance. The login screen will look something like this:
- And by clicking on the Login button, you'll be taken to the OneLogin login screen. Exivity will receive the user's e-mail address and create a new user in the configured user group (see configuration) if no existing user is found.
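To confirm that the field mappings from the two tables above took effect, you can compare a `SAMLResponse` captured from a test login against the values you configured. The following is an added example, not code from Exivity or OneLogin; the function name, the sample response and every URL in it are constructed placeholders, and the mapping of the ACS (Consumer) URL to the `Destination` attribute is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample; every URL below is a placeholder, not a real endpoint.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://exivity.example.com/PLACEHOLDER-acs">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/PLACEHOLDER-issuer</saml:Issuer>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData
          Recipient="https://exivity.example.com/PLACEHOLDER-acs"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://exivity.example.com/PLACEHOLDER-entity</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

# Values as configured in the two tables (placeholders here).
EXPECTED = {
    "issuer": "https://idp.example.com/PLACEHOLDER-issuer",        # Issuer URL
    "audience": "https://exivity.example.com/PLACEHOLDER-entity",  # Audience
    "recipient": "https://exivity.example.com/PLACEHOLDER-acs",    # Recipient
    "destination": "https://exivity.example.com/PLACEHOLDER-acs",  # ACS URL (assumed)
}

def check_saml_response(b64_response, expected):
    """List mismatches between a SAMLResponse and the configured values.
    Configuration check only: it does NOT verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted saml:Assertion in the Response"]
    def text(path):
        el = assertion.find(path, NS)
        return el.text.strip() if el is not None and el.text else None
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    found = {
        "issuer": text("saml:Issuer"),
        "audience": text("saml:Conditions/saml:AudienceRestriction/saml:Audience"),
        "recipient": scd.get("Recipient") if scd is not None else None,
        "destination": root.get("Destination"),
    }
    return [f"{k}: expected {want!r}, got {found.get(k)!r}"
            for k, want in expected.items() if found.get(k) != want]
```

An empty list means the response carries the configured Issuer, Audience, Recipient and Destination; any entry names the field to recheck in the OneLogin Configuration tab or the Exivity SAML settings.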