Skip to main content
Setup SAML SSO on Onelogin
Ha Ngan Nguyen avatar
Written by Ha Ngan Nguyen
Updated over 3 months ago

Setup on Onelogin

Step 1: Login to the Admin console

Step 2: Create a new App & Integrate into Creative Force

Applications / Add app

Search “SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML)” / Choose App

Input the name and click Save.

Configuration SAML to integrate into Creative Force

  1. On the Configuration tab, fill in the configuration generated from the Creative Force SSO Settings page

SAML Audience URL

See “SP Entity ID” at SSO - How to setup SSO in CF

ACS (Consumer) URL Validator

See “SP Assertion Consumer Service Url” at SSO - How to setup SSO in CF

ACS (Consumer) URL

See “SP Assertion Consumer Service Url” at SSO - How to setup SSO in CF

Recipient

See “SP Assertion Consumer Service Url” at SSO - How to setup SSO in CF

RelayState (fill this in if you want to login to CF directly from OneLogin)

RelayState

2. Go to the SSO tab to retrieve the information for the Certificate and the Identity Provider URL

  • To download the Certificate, click on View Details and then click on Download to download the onelogin.pem file.

  • The Identity Provider URL is the URL under SAML 2.0 Endpoint (HTTP).

3. On the Parameters tab, click on the plus sign to add a new parameter so the user’s email is available for authentication. The new parameter field name required email, its value Email and the Include in SAML Assertion check needs to be enabled:

Update parameter:

scimusername: value = Email

New parameter:

The setting looks like this:

Step 3 Assign user to integration App

  • Add one user, go to “User” menu/ Choose user / User Infor/ navigate to “Applications tab”/ click on the plus sign to add an application

  • Add user by role: on the “Access” tab, select the user’s role and click save

  • Note: If you want to create a new user:

    • 1 user, In menu User > User > Click the button “New user” and input information.

  • Import user, click the dropdown “More Actions”, select “Import User”

Copy Identity Provider metadata url

1. Login to developer admin console of Onelogin.

2. Click menu Applications/Applications and choose your App Integration.

3. Click dropdown “More Actions”, choose “SAML Metadata” to download metadata. That’s “Identity Provider metadata URL”

Setup SCIM provisioning on Onelogin

Notes: Currently, CF SCIM only supports UsersController.

Required: Need to create a custom Onelogin app and set up SSO on Gamma beforehand.

Step 1: Login to Admin Console

Step 2: Enable provisioning

  • Click the menu Applications/Applications and choose your App Integration

  • In the “Provisioningtab, tick “Enable provisioning” and “Save”

Step 3: Setup SCIM

Prepare Creativeforce SCIM token

  • Login to Gamma

  • Navigate to “STUDIO SETTINGS” > “SSO SETTINGS

  • Copy SCIM BEARER TOKEN

Setup SCIM on Onelogin

  • Navigate to the “Provisioning” tab

  • Click the button “Enable”

  • Fill / tick fields by following the below then “Save

SCIM Base URL

The SCIM URL

SCIM Bearer Token

*Paste value from step Prepare CF SCIM token*

  • On the Parameters tab, edit parameters and the Include in User Provisioning check needs to be enabled:

The setting looks like this:

  • Click the button “More Actions”, and select the option “Reapply entitlement mappings”

  • Click the button “More Actions”, and select the option “Sync logins”

  • Go to USERS > Provisioning to view the provisioning tasks in a queue requiring your approval.

  • Select a Tasks row and manually APPROVE or IGNORE each provisioning action, as appropriate.

  • Click “Bulk approve..” to approve all users.

  • Monitor provisioning progress by accessing the Users tab for your SCIM test app.

Did this answer your question?