Setup on Onelogin
Step 1: Login to the Admin console
Step 2: Create a new App & Integrate into Creative Force
Applications / Add app
Search “SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML)” / Choose App
Input the name and click Save.
Configure SAML to integrate into Creative Force
1. On the Configuration tab, fill in the configuration generated from the Creative Force SSO Settings page
SAML Audience URL | See “SP Entity ID” at SSO - How to setup SSO in CF |
ACS (Consumer) URL Validator | See “SP Assertion Consumer Service Url” at SSO - How to setup SSO in CF |
ACS (Consumer) URL | See “SP Assertion Consumer Service Url” at SSO - How to setup SSO in CF |
Recipient | See “SP Assertion Consumer Service Url” at SSO - How to setup SSO in CF |
RelayState (fill this in if you want to login to CF directly from OneLogin) | RelayState |
2. Go to the SSO tab to retrieve the information for the Certificate and the Identity Provider URL
To download the Certificate, click on View Details and then click on Download to download the onelogin.pem file.
The Identity Provider URL is the URL under SAML 2.0 Endpoint (HTTP).
3. On the Parameters tab, click on the plus sign to add a new parameter so the user’s email is available for authentication. The new parameter's field name must be email, its value must be Email, and the Include in SAML Assertion check box must be enabled:
Update parameter:
scimusername: value = Email
New parameter:
Xml namespace | Onelogin | Required? |
Yes | ||
First Name | No | |
Last Name | No |
The setting looks like this:
Step 3: Assign user to integration App
Add one user: go to the “User” menu / choose the user / User Info / navigate to the “Applications” tab / click on the plus sign to add an application
Add user by role: on the “Access” tab, select the user’s role and click save
Note: If you want to create a new user:
One user: in the menu User > User, click the button “New user” and input the information.
Import users: click the dropdown “More Actions” and select “Import User”.
Copy Identity Provider metadata url
1. Login to developer admin console of Onelogin.
2. Click menu Applications/Applications and choose your App Integration.
3. Click the dropdown “More Actions” and choose “SAML Metadata” to download the metadata. This is the “Identity Provider metadata URL”.
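An added example, not part of the original guide or of Creative Force's own tooling: before entering values on the CF SSO Settings page, this Python check confirms that the downloaded onelogin.pem and the Identity Provider URL copied from the SSO tab both appear in the SAML metadata file downloaded above. The function names, the example.com URLs and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_fingerprint(text: str) -> str:
    """SHA-256 of the DER bytes; accepts a PEM file or a bare base64 body."""
    body = "".join(s for s in map(str.strip, text.splitlines()) if not s.startswith("-----"))
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def read_idp_metadata(xml_text: str) -> dict:
    """Return entityID, {SSO Location: Binding} and signing-cert fingerprints."""
    root = ET.fromstring(xml_text)  # the file comes from your own IdP tenant
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = {e.get("Location"): e.get("Binding") for e in idp.findall("md:SingleSignOnService", NS)}
    certs = {cert_fingerprint(c.text or "")
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)}
    return {"entity_id": root.get("entityID"), "sso": sso, "certs": certs}

def check_idp_settings(xml_text: str, pem: str, idp_url: str) -> list:
    """List mismatches between the metadata and the values to be entered in CF."""
    meta = read_idp_metadata(xml_text)
    problems = []
    if idp_url not in meta["sso"]:
        problems.append("Identity Provider URL is not an SSO endpoint in the metadata")
    if cert_fingerprint(pem) not in meta["certs"]:
        problems.append("certificate file does not match the metadata signing certificate")
    return problems

# Constructed sample data: placeholder bytes stand in for a real certificate.
B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
PEM = f"-----BEGIN CERTIFICATE-----\n{B64}\n-----END CERTIFICATE-----\n"
URL = "https://idp.example.com/sso/post"
METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.com/metadata"><IDPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <X509Data><X509Certificate>{B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Location="{URL}"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
</IDPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp_settings(METADATA, PEM, URL) or "metadata, certificate and URL agree")
```

To use it on real files, pass the contents of the downloaded metadata file and onelogin.pem in place of the constructed samples.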
Setup SCIM provisioning on Onelogin
Notes: Currently, CF SCIM only supports UsersController.
Required: Create a custom Onelogin app and set up SSO on Gamma beforehand.
Step 1: Login to Admin Console
Step 2: Enable provisioning
Click the menu Applications/Applications and choose your App Integration
In the “Provisioning” tab, tick “Enable provisioning” and “Save”
Step 3: Setup SCIM
Prepare Creativeforce SCIM token
Login to Gamma
Navigate to “STUDIO SETTINGS” > “SSO SETTINGS”
Copy SCIM BEARER TOKEN
Setup SCIM on Onelogin
Navigate to the “Provisioning” tab
Click the button “Enable”
Fill in / tick the fields as shown below, then click “Save”
SCIM Base URL | The SCIM URL |
SCIM Bearer Token | *Paste value from step Prepare CF SCIM token* |
On the Parameters tab, edit the parameters below; the Include in User Provisioning check box must be enabled for each:
Xml namespace | Onelogin |
First Name | |
Last Name |
The setting looks like this:
Click the button “More Actions”, and select the option “Reapply entitlement mappings”
Click the button “More Actions”, and select the option “Sync logins”
Go to USERS > Provisioning to view the provisioning tasks in a queue requiring your approval.
Select a Tasks row and manually APPROVE or IGNORE each provisioning action, as appropriate.
Click “Bulk approve..” to approve all users.