Configuring SAML for SugarCRM


This topic describes how to configure OneLogin to provide SSO for SugarCRM using SAML.

  1. Log into OneLogin as an admin and go to Apps > Add Apps.

  2. Search for and select the SugarCRM connector.

    The initial Configuration tab appears.

  3. Ensure that SAML2.0 is selected in the Connectors section.

  4. Click Save to add the app to your Company Apps and display additional configuration tabs.

    The Info tab appears.

  5. Go to the Configuration tab.

  6. In the Site URL field, enter the URL of your SugarCRM instance.

    http://server/sugarcrm

  7. Go to the Parameters tab and map SugarCRM attributes to OneLogin attributes.

    In most cases, you should keep the Configured by admin default. For more information, see Setting Credential Configuration Options.

    For most implementations, you can accept the default attribute mappings. Ensure that the SugarCRM field Email is set to Email. To change OneLogin values, click the parameter row to open the Edit Field dialog, and select the value from the drop-down list. Click Save if you made any changes on the Parameters tab.

  8. Go to the SSO tab to configure your SugarCRM account with OneLogin's SAML settings.

    1. In a new browser tab, log into your organization's SugarCRM account as admin.

    2. Go to Your Profile > Admin > Password Management.

    3. Select the Enable SAML Authentication option.

    4. With both the OneLogin SSO tab and your SugarCRM SAML Authentication page open, copy the SAML values from the OneLogin SSO tab to the analogous SugarCRM fields.

      Copy this OneLogin SSO field value: To this SugarCRM SAML Authentication field:

      SAML 2.0 Endpoint (HTTP)

      Login URL

      X.509 Certificate

      To get the X.509 Certificate, click View Details to open the certificate page. Copy the entire X.509 Certificate, including "----BEGIN CERTIFICATE----" and "----END CERTIFICATE----."

      X.509 Certificate

      Paste the entire X.509 Certificate into the SugarCRM field X.509 Certificate, including "----BEGIN CERTIFICATE----" and "----END CERTIFICATE----"

      When you have completed the SugarCRM SAML Authentication page, it should look like this:

    5. In the SugarCRM SAML Authentication page, click Save.

  9. On the OneLogin Access tab, assign the OneLogin roles that should have access to SugarCRM and provide any app security policy that you want to apply to SugarCRM.

    You can also go to Users > All Users to add the app to individual user accounts.

  10. Click Save.

  11. Test the SAML connection.

    1. Ensure that you have user accounts in both OneLogin and SugarCRM that use the same email as the username.

      You can create a test user, or you can use your own account if you choose.

    2. Make sure you are logged out of SugarCRM.

    3. Log in to OneLogin as an admin and give the test user access to the SugarCRM app in OneLogin. (See step 9 above)

    4. Log in to OneLogin as the test user.

    5. Click the SugarCRM icon on your OneLogin dashboard.

      If you are able to access SugarCRM, then SAML works.