Configure settings to use OneLogin SAML 2.0 authentication to log in to an ovice account.
Advance Preparation
1. Required permissions:
- OneLogin administrator privileges
- ovice administrator privileges
2. Click the hamburger menu on the upper left of the ovice screen and select the Space tab on the main menu.
*If you are not the organization owner, you do not need to select the tab.
3. Click Space Settings → Space Access Settings → Email Authentication under Allow access as a member
4. Select the SSO Authentication tab
5. Click the + button of "SAML Authentication Setup"
6. Enter any name in IdP name
This name will appear on the login screen of your space URL.
7. Choose where to redirect
Select the screen each user is redirected to when they log in.
Redirect destination | Behavior |
---|---|
Space | Redirect into space |
Lobby | Redirect to lobby screen (space list) |
The other items are set later, so leave the ovice setting screen open.
OneLogin Settings
1. Access the OneLogin admin screen
https://app.onelogin.com/login
2. Click Applications from Applications in the menu bar
3. Click Add App
4. Enter SAML in the search window and click SAML Custom Connector (SP shibboleth)
5. Change Display Name to any name and click Save
*The icon image can also be changed.
6. Click SSO in the sidebar
7. Copy and paste the OneLogin information to the ovice setting screen prepared in advance
OneLogin setting screen (copy source) | ovice setting screen (paste destination) |
---|---|
"View Details" of the X.509 Certificate | IdP x509 certificate |
Issuer URL | Entity ID |
SAML 2.0 Endpoints (HTTP) | IdP login URL |
SLO Endpoint (HTTP) | IdP logout URL |
8. Click Save on the ovice setting screen
Do not close the ovice setting screen in this state, as the displayed reply URL and login URL will be used later.
9. Click Configuration in the OneLogin settings screen sidebar
10. Copy and paste the information displayed on the ovice setting screen to OneLogin
ovice setting screen (copy source) | OneLogin setting screen (paste destination) |
---|---|
Login URL | Login URL |
Reply URL | ACS (Consumer) URL |
11. Click Save
12. Click Parameters in the sidebar
13. Repeat steps 14 to 18 twice and set the following two items as parameters
Field name | Value |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | First Name |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |
14. Click the "+" button
15. Set the above string in Field name and click Include in SAML assertion
16. Click Save
17. Select the above character string in Value
18. Click Save
From step 19 onwards, add users to the created application.
19. Select Users in the Users tab
20. Select the appropriate user and click Applications
21. Select the "+" button on the upper right
22. Select the created Application from the dropdown and click the Continue button
[Optional] How to add SAML authentication to permission settings
By combining ovice public settings and access permission settings, it is possible to allow only users with SAML authentication to access the space.
1. Scroll down the SSO setting screen of ovice and check the created SAML authentication setting in Activate SSO authentication
2. Click Save
Log In Using OneLogin
Please try logging in below.
Log in with Space's unique SSO (SAML authentication, etc.)
If Log In Using OneLogin Fails
Please check the following:
- I get a 500 error when logging in with SAML authentication
  - Make sure that each item (assertion information, etc.) of the created application is set correctly.
  - Make sure the user is assigned correctly in the Users and Groups settings.
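One way to carry out the assertion check above, as an added example (not ovice or OneLogin code): it reads a base64 SAMLResponse and reports whether the Destination, the Issuer, and the two Parameters fields match what this page configures. The URLs, the sample response, and the function names are constructed for illustration; the script checks settings only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# The two Field name values this page sets under Parameters.
REQUIRED_CLAIMS = (
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
)
# Constructed placeholders: use the Reply URL shown by ovice and the OneLogin Issuer URL.
REPLY_URL = "https://sp.example.invalid/saml/acs"
ISSUER = "https://idp.example.invalid/saml/metadata/placeholder"

def check_saml_response(b64_response, reply_url, issuer_url):
    """Return configuration problems in a base64 SAMLResponse (no signature check)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # Destination should be the Reply URL pasted into ACS (Consumer) URL.
    if root.get("Destination") != reply_url:
        problems.append("Destination does not match the Reply URL")
    # Issuer should be the Issuer URL pasted into Entity ID.
    if root.findtext("saml:Assertion/saml:Issuer", namespaces=NS) != issuer_url:
        problems.append("Issuer does not match the Entity ID")
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        texts = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        values[attr.get("Name")] = [t.strip() for t in texts if t and t.strip()]
    for claim in REQUIRED_CLAIMS:
        if claim not in values:
            problems.append("missing attribute: " + claim)
        elif not values[claim]:
            problems.append("empty attribute: " + claim)
    return problems

def build_sample(attr_names, destination=REPLY_URL):
    """Build a constructed, unsigned SAMLResponse (not real OneLogin output)."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>demo</saml:AttributeValue>'
        "</saml:Attribute>" for n in attr_names)
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{destination}"><saml:Assertion><saml:Issuer>{ISSUER}'
           f"</saml:Issuer><saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Constructed case: the second parameter was never included in the assertion.
    print(check_saml_response(build_sample(REQUIRED_CLAIMS[:1]), REPLY_URL, ISSUER))
```

To check a real configuration, pass the SAMLResponse form field from a test login together with the Reply URL and Issuer URL shown on the two setting screens.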