Setting up OneLogin

This section describes how to use OneLogin SAML 2.0 authentication to log in to your ovice account. If you want to set up common SAML authentication for multiple spaces in a hierarchical structure (building), please refer to the following.
SAML authentication settings for a hierarchical structure (building)

Advance Preparation

1. Make sure you have the necessary permissions to set it up

  • OneLogin admin privileges
  • ovice admin privileges

2. Click the three dots in the space header and select the "Space" tab.
*If you are not the organization owner, there is no need to select a tab.

3. Go to "Space Settings" → "Space Access Settings" → "Member Whitelist Rules" and click "Email Account Authentication"

4. Select the "SSO" tab

5. Click the + button next to "SAML Authentication Setup"

6. Enter any name in the IdP name field.

This name will appear on the space URL login screen.

7. Select the redirect destination

Select the screen each user will be redirected to when they log in.

  • space: Redirect into space
  • lobby: Redirect to the lobby screen (space list)

Do not close the ovice settings screen at this point, as we will set other items later.

Configuring OneLogin

1. Access the OneLogin administration screen

https://app.onelogin.com/login

2. Click "Applications" from the "Applications" menu bar.

3. Click "Add App"

4. Enter "SAML" in the search box and click "SAML Custom Connector (Advanced)"

5. Change the "Display name" to any name and click "Save"

*The icon image can also be changed.

6. Click "SSO" in the sidebar

7. Copy and paste the OneLogin information into the service settings screen you prepared in advance

OneLogin settings screen (copy source) → ovice settings screen (paste destination)

  • View Details for X.509 Certificate → IdP x509 cert
  • Issuer URL → Entity ID
  • SAML 2.0 Endpoint (HTTP) → IdP Login URL
  • SLO Endpoint (HTTP) → IdP Logout URL

8. Click "Save" on the ovice settings screen

The displayed reply URL and login URL will be set in OneLogin later, so do not close the ovice settings screen at this point.

9. Click "Configuration" on the sidebar of the OneLogin settings screen

10. Edit each item

OneLogin settings screen item: Editing contents

  • Recipient: Paste the "Reply URL" from the ovice settings screen
  • Login URL: Paste the "Login URL" from the ovice settings screen
  • SAML not valid before: Delete the default value
  • SAML not valid on or after: Delete the default value
  • SAML initiator: Set as Service Provider
  • SAML signature element: Assertion

*Other items can be left in the default state.
*There is no need to set the "Identifier" item, which can be obtained on the ovice settings screen.

11. Click "Save"

12. Click "Parameters" on the sidebar

13. Repeat steps 14 to 18 twice and set the following two items as parameters:

Field name → Value

  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname → First Name
  • http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress → Email

14. Click the "+" button

15. Set the above string in Field name and click "Include in SAML assertion"

16. Click "Save"

17. Select the above string in Value

18. Click "Save"

From step 19 onwards you will add users to the application you created.

19. Select “Users” in the Users tab

20. Select the relevant user and click "Applications"

21. Select the "+" button on the top right

22. Select the application you created from the drop-down list and click the "Continue" button.

[Optional] How to add SAML authentication to permission settings

By combining the public settings and Space Access Settings of ovice, it is possible to allow only users who have authenticated with SAML to access the space.

1. Scroll down on the ovice SSO settings screen and check the SAML authentication settings you created under "Activate SSO authentication"

2. Click "Save"

Logging in with OneLogin

Please refer to the following and try logging in.
Log in with the space's own SSO (SAML authentication, etc.)

If you are unable to log in using OneLogin

Please check the following:

Set up common SAML authentication for spaces in a hierarchical structure (building)

Set up the quotation settings for the space where OneLogin is set. Please see below for the setting method.
Inheritance Settings
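
The following Python script is an added example, not ovice or OneLogin code. It inspects a base64 "SAMLResponse" value (the form field the browser posts to the Reply URL) and reports whether the settings from steps 10 and 13 took effect: the assertion carries a signature element, the Recipient equals the Reply URL, and both parameters are present. It checks structure only and does not validate the signature; the function names check_response and build_sample and the example.invalid URLs are assumptions made for this example.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_ATTRS = (CLAIMS + "givenname", CLAIMS + "emailaddress")


def check_response(b64_response, reply_url):
    """Return a list of configuration problems found in a decoded SAMLResponse."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element found in the response"]
    problems = []
    # Step 10, "SAML signature element: Assertion": ds:Signature is a child of Assertion.
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion carries no signature element")
    # Step 10, "Recipient": must equal the Reply URL shown on the ovice settings screen.
    scd = assertion.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != reply_url:
        problems.append(f"Recipient is {recipient!r}, expected {reply_url!r}")
    # Step 13: both parameters must be included in the assertion with a value.
    values = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS).strip()
              for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not values.get(name):
            problems.append(f"missing or empty attribute {name}")
    return problems


def build_sample(recipient, attrs, signed=True):
    """Build a constructed response (not real IdP output; signature left empty)."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f'</saml:Attribute>' for n, v in attrs.items())
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'<saml:Assertion>{sig}<saml:Subject><saml:SubjectConfirmation>'
           f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
           f'</saml:SubjectConfirmation></saml:Subject>'
           f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```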
