OneLogin secure SSO integration with SAML

OneLogin is a cloud-based identity and access management company that offers enterprise-level companies and organizations a unified access management (UAM) platform.

This document explains how to configure OneLogin and Invicti Platform for Single Sign-On.

Configure OneLogin with SAML

There are two steps to this procedure:

Step 1: Add Invicti to OneLogin

  1. Select Applications > Applications in the OneLogin admin's main menu.
  2. Click Add App.
  3. On the Find Applications page, search for "test connector" and select SAML Custom Connector (Advanced) from the search results.
  4. On the Add SAML Custom Connector (Advanced) page, enter a name for your app and optionally change icons and enter a description.
  5. Enable the Visible in portal toggle.
  6. Click Save to add the application.

Step 2: Configure OneLogin Single Sign-On Integration with SAML

  1. Select Applications > Applications in OneLogin.
  2. Click your app to edit it.
  3. In a new browser tab, select Settings > Security & access control > SSO & Provisioning from the Invicti left-side menu.
  4. Turn on the Enable SSO toggle.
  5. Select OneLoginSecure from the SSO Provider drop-down list.
  6. In the OneLogin tab, select Configuration from the left-side menu.
  7. In the Invicti tab, copy the SAML 2.0 Service URL and paste it into the ACS (Consumer) URL Validator field on the OneLogin tab.
  8. In the Invicti tab, copy the Identifier URL and paste it into the ACS (Consumer) URL field on the OneLogin tab.
  9. Select Save in the OneLogin tab.
  10. Select Parameters from the left menu in the OneLogin tab.
  11. Click + (the plus sign) to add a new parameter.
  12. In the New Field dialog, enter user.FirstName in the Field name field.
  13. Select Include in SAML assertion and click Save.
  14. On the Edit Field user.FirstName dialog, select First Name from the Value drop-down. Then click Save.
  15. On the SAML Custom Connector (Advanced) page, select SSO.
  16. From the SAML Signature Algorithm drop-down, select SHA-256.
  17. Copy the Issuer URL field into the IdP Identifier field in Invicti.
  18. In the OneLogin tab, copy the SAML 2.0 Endpoint (HTTP) URL. Then paste it into the SAML 2.0 Endpoint field in Invicti.
  19. In the OneLogin tab, select View Details in the X.509 Certificate section.
  20. Copy the X.509 Certificate information and paste it into the X.509 Certificate field in Invicti.
  21. In Invicti, if you select Require encrypted assertions, do one of the following:
    • Select Generate a new certificate; OR
    • Select I have an existing certificate, then upload your certificate and enter the certificate password.
  22. On the OneLogin page, select Save to save the settings.
  23. From the Invicti SSO Exemptions drop-down, you can select specific users to exempt them from SSO. This means the selected users can log in to Invicti via password.
  24. Click Save on the Invicti tab to complete the integration.

Now you can add users to the Invicti application in OneLogin, and they can log in to Invicti using Single Sign-On.
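Once the integration is saved, a base64-decoded SAMLResponse captured from a test login can be checked against the choices made in Step 2: the SHA-256 signature algorithm, the Issuer URL, the SAML 2.0 Service URL, the user.FirstName parameter, and optional assertion encryption. The script below is an added example, not code from Invicti or OneLogin; the example.test URLs, the finding names and the sample response are constructed placeholders, and it inspects structure only without verifying the signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
# Placeholders (assumed): substitute the Issuer URL and SAML 2.0 Service URL you copied.
ISSUER = "https://idp.example.test/saml/metadata/placeholder"
ACS = "https://sp.example.test/saml/acs"

def audit_response(xml_text, issuer=ISSUER, acs_url=ACS, require_encrypted=False):
    """Return findings for a decoded SAMLResponse; an empty list means it matches.
    Structure checks only: the signature itself is NOT verified here."""
    root = ET.fromstring(xml_text)  # prefer a hardened parser (defusedxml) on untrusted input
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("destination-mismatch")
    if (root.findtext("saml:Issuer", namespaces=NS) or "").strip() != issuer:
        findings.append("issuer-mismatch")
    encrypted = root.find("saml:EncryptedAssertion", NS) is not None
    methods = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    if not methods and not encrypted:  # a signature may sit inside the ciphertext
        findings.append("unsigned")
    elif any(alg != RSA_SHA256 for alg in methods):
        findings.append("signature-not-rsa-sha256")
    if encrypted:
        return findings  # attributes are unreadable without the SP private key
    if require_encrypted:
        findings.append("assertion-not-encrypted")
    names = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    if "user.FirstName" not in names:
        findings.append("missing-user.FirstName")
    return findings

def sample_response(sig_alg=RSA_SHA256, attr="user.FirstName"):
    """Constructed sample response (placeholder URLs, no real signature value)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  xmlns:ds="{NS['ds']}" Destination="{ACS}">
 <saml:Issuer>{ISSUER}</saml:Issuer>
 <saml:Assertion>
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>
  </ds:SignedInfo></ds:Signature>
  <saml:AttributeStatement><saml:Attribute Name="{attr}"/></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(audit_response(sample_response(RSA_SHA1, "FirstName")))
```
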

To learn more about the Single Sign-On fields, refer to the Single Sign-On configuration document.

