Tutorial: Adding OneLogin Identity Provider
The following article guides you through adding a OneLogin identity provider. Once it is added, users in your organization can access Caspio apps using credentials managed by OneLogin and sign out of both a Caspio directory and OneLogin with a single action.
Before you begin:
Sign in to OneLogin with admin rights and set up a OneLogin account.
STEPS IN ONELOGIN
- Sign in to OneLogin.
- From the upper menu, select Applications > Applications.
- Select Add App to create a new application.
- Using search, find SAML Custom Connector (Advanced) and click it.
- In the Portal section, configure the general settings of your app, such as name and logo, and click Save.
STEPS IN CASPIO DIRECTORIES
- In Caspio directories, in the Identity providers tab, click Add identity provider. Links from the 1. Service provider information section will be needed to configure the external identity provider.
STEPS IN ONELOGIN
- Go to the Configuration tab and copy-paste the links according to the following table:
Caspio → Service provider information | OneLogin → Configuration |
---|---|
Copy the Service provider identifier (Entity ID) URL… | …and paste it into the Audience (Entity ID) and Recipient fields in OneLogin. |
Copy the Reply URL (Assertion consumer service URL) URL… | …and paste it into the ACS (Consumer) URL Validator and ACS (Consumer) URL fields in OneLogin. |
Copy the Logout URL… | …select Sign SLO Request and paste the link into the Single Logout URL field in OneLogin. This setting automatically signs users out of Caspio when they sign out of OneLogin. |
Note: Setting the logout URL to enable single logout is optional but recommended because it increases application security.
- From the SSO tab, download x.509 Certificate. Click View Details. You will need this text in step 9c.
STEPS IN CASPIO DIRECTORIES
- In Caspio directories, in the Add Identity provider right panel, perform the following actions:
  - Enter the name and select a user identifier in 2. Identity provider information. We recommend using the default Email field.
  - Provide the copied links from step 6 according to the following table:
OneLogin → SSO | Caspio → Identity provider information |
---|---|
Copy the Issuer URL… | …and paste it into the Identity provider identifier field in Caspio. |
Copy the SAML 2.0 Endpoint (HTTP) link… | …and paste it into the Single sign-on URL field in Caspio. |
Copy the SLO Endpoint (HTTP) link… | …and paste it into the Logout URL field in Caspio. This setting automatically signs users out of OneLogin when they sign out of Caspio. |
Note: Setting the logout URL to enable single logout is optional but recommended because it increases application security.
  - In the SAML signing certificate (x.509), upload the certificate from step 8.
Setting Single Sign-out
You can configure single logout to sign end users out of both a Caspio directory and OneLogin with a single action. To do that, perform the following steps:
STEPS IN CASPIO DIRECTORIES
- Copy the Logout URL link from the 1. Service Provider Information section in Caspio.
STEPS IN ONELOGIN
- Go to OneLogin and select the Configuration tab. Select Sign SLO Request and update the Single Logout URL field with the link copied from Caspio.
- In the SSO tab, copy SLO Endpoint (HTTP).
STEPS IN CASPIO DIRECTORIES
- Paste the copied link from step 3 in Caspio > Identity provider information > Logout URL.
Testing
- Add a user to an app in OneLogin.
  - In the upper menu, select Users > Users.
  - Enter user information and click Save User.
  - Select More Actions → Change Password and set a password.
  - From the left User info panel, select Applications.
  - Select the created SAML Test Connector, then click Continue → Save → Save User.
- Add a user in Caspio directories.
  - In the Users tab, create a user.
  - Enter the email address of the test user from OneLogin (step 1b of the testing procedure). The user's email in OneLogin and in the Caspio directory must match for the user to authenticate.
  - Select the sign-in method that matches the identity provider name set up in step 5.
- Sign in to the user portal with OneLogin.
  - In Caspio directories, select User portal.
  - In the User portal URLs, click the Settings URL.
  - On the login page of the user portal, enter the email address of the newly created test user in the Caspio directory.
  - On the OneLogin login page, sign in with the OneLogin credentials.
  - You should be redirected to the Settings page of the user portal, where you can see the profile information of the logged-in user, including the email address.