Configuring SAML for
Article: KB0010780 Published: 06/06/2019 Last modified: 02/18/2020

This topic describes how to configure OneLogin to provide single sign-on (SSO) for the app using SAML. (To set up SSO for the app with form-based authentication, see Adding a Form-Based Application.)

  1. Log in to OneLogin and go to Apps > Add Apps.

  2. Search for the app in the Find Applications list and select the connector that is enabled for SAML 2.0.

  3. On the Configuration tab, you can optionally change the Display Name and add an icon.

    To upload an icon, double-click the icon box.

  4. Click Save to add the app to your Company Apps and display additional configuration tabs.

  5. On the Parameters tab, view the default settings used to map user attributes to OneLogin values. The OneLogin attribute values are passed to the app in the SAML assertion.

    In a standard implementation, you should accept these defaults:

    Field                  OneLogin Value  Notes
    Email (Attribute)      Email           The attribute used as the address in a SAML assertion.
    Email (SAML NameID)    Email           The attribute used as the subject in a SAML assertion.
    First Name             First Name
    Last Name              Last Name


    Note: The default "Credentials are" setting ("Configured by admin") is almost always the right choice. To use "Configured by admins and shared by all users", see Setting Credential Configuration Options.

  6. On the Access tab, assign the OneLogin roles that have access to the app and provide any app security policy that you want to apply.

    Roles dictate which users have access to the app. Policies determine whether users are required to access the app from specific IP addresses and whether they must provide secondary authentication factors (one-time passwords).

    If you want to wait until you have configured the SAML SSO connection (in the next step) and tested that connection before you give users access to this app, you can accept the defaults and continue to the SSO tab.

    Note: You can also go to Users > All Users to add the app to individual user accounts, then return to this app configuration page to complete SSO configuration. For more information, see Assigning Apps to Users.

  7. On the SSO tab, make note of the SAML settings that you will provide to the support team.

      • Copy the Issuer URL and the SAML2.0 Endpoint (HTTP).

      • Download the X.509 PEM Certificate:

          1. Click View Details. This displays the Certificate page.

          2. Select X.509 PEM from the drop-down list and click Download.

    Note: If you want a different certificate, click Change. Then select the new certificate and follow the above instructions. You can create new X.509 certificates for selection by going to Settings > Certificates and clicking New.

  8. Contact the support team and provide them with the SAML HTTP Endpoint, Issuer URL, and X.509 certificate.

  9. Test the SAML connection.

    1. Confirm that support has added the SAML settings to your account.

    2. Make sure you are logged out of the app.

    3. Give yourself, or a OneLogin test account, access to the app in OneLogin.

    4. Click the app icon on your OneLogin dashboard.

    5. If you are able to access the app, SAML works.
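
If the test in step 9 fails, inspecting the SAML response that OneLogin posted usually shows why. The following is an added example, not part of the original article and not OneLogin code: it checks a captured, base64-encoded `SAMLResponse` form value against the Issuer URL from the SSO tab and the Email mappings from the Parameters tab. The function name, the sample issuer URL and the sample attribute names are assumptions made for the example, and the assertion is assumed to be unencrypted.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def inspect_saml_response(b64_response, expected_issuer):
    """List problems in a captured, base64-encoded SAMLResponse (HTTP-POST binding).

    Diagnostic only: it does not verify the XML signature or certificate.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]
    problems = []
    issuer = assertion.findtext("saml:Issuer", "", NS).strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer {issuer!r} differs from the Issuer URL on the SSO tab")
    # A signature may sit on the Response, the Assertion, or both.
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion carries a ds:Signature")
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an email address")
    # Email (Attribute) and Email (SAML NameID) both map to the OneLogin Email
    # value, so one attribute value should equal the NameID.
    values = [(v.text or "").strip().lower() for v in assertion.iterfind(
        "saml:AttributeStatement/saml:Attribute/saml:AttributeValue", NS)]
    if name_id.lower() not in values:
        problems.append("no attribute value matches the NameID email")
    return problems

# Constructed sample response; every value in it is made up for the example.
SAMPLE_ISSUER = "https://idp.example.test/saml/metadata/0000"
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
    <ds:Signature/>
    <saml:Subject><saml:NameID>pat@example.test</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="Email"><saml:AttributeValue>pat@example.test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>Pat</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64, SAMPLE_ISSUER) or "no problems found")
```

An empty list means the response matches what the SSO and Parameters tabs describe; the service provider must still validate the signature against the X.509 certificate supplied in step 8.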
