OneLogin is a reliable integrator for Single Sign-On for all your web and mobile applications. The service offers a full-featured federation engine and a flexible access policy. A user can log in with a single ID to gain access to connected systems without being prompted for different usernames or passwords.
This article covers two setups:
Configuration in OneLogin
1. Go to www.onelogin.com and click on LOG IN.
2. From the login page:
i. Enter your email address and password.
ii. Click on LOGIN.
3. From the top menu bar, go to APPS >> Company APPS:
4. On the Company Apps page, click on the ADD APP button.
5. You will be redirected to the Find Applications page:
i. In the search box, type the keyword saml to list all SAML related applications.
ii. Click on SAML Test Connector (IdP w/ attr w/ sign response).
6. On the Configuration page of the SAML Test Connector:
i. Enter a Display Name.
ii. Then click on the Save button to successfully add the application.
Note: To upload an icon for your APP, select from either the rectangle or the square, depending upon the shape of your icon.
7. At this stage, some new parameters need to be defined in OneLogin to map user data to VIDIZMO. To do this, click on the Parameters tab to define new parameters.
8. Click on Add parameter.
9. A New Field popup window will appear:
i. Enter the Field name of the parameter.
ii. Select the Include in SAML assertion checkbox.
iii. Click on the SAVE button to save the settings.
10. The new parameter gets added successfully and shows up in the table below. Click on it to define its value.
11. An Edit Field [parameter] popup window will appear:
i. Select the Value from the dropdown list.
ii. Make sure that the Include in SAML assertion checkbox is selected.
iii. Click on the SAVE button.
12. Repeat the steps above to add three more parameters. The list of parameters and their values is given below:
13. Once the parameters have been defined, click on the SSO tab. Click on the Copy icon against SAML 2.0 Endpoint (HTTP) to copy the URL. This will be used while configuring OneLogin in VIDIZMO.
14. Under X.509 Certificate, click on View Details.
15. The View Details link takes you to the Standard Strength Certificate (2048-bit) page. Copy the X.509 Certificate. This will be used while configuring OneLogin in VIDIZMO.
The certificate should be in X.509 PEM format and should use SHA1-based signatures.
Do not include the lines which contain BEGIN CERTIFICATE and END CERTIFICATE.
Configuration in VIDIZMO
1. From the Account/Channel's Homepage, go to Admin >> Settings.
2. On the Settings page, click on the Login tab.
3. Click on Enable on the Corporate Login box.
4. Select the Identity Provider (SAMLP) from the dropdown list.
5. Once on the Corporate Login screen, you will need to do the following:
i. Enter SAML 2.0 Endpoint (HTTP) URL as the Login URL which you copied in Step 13 of Configuration in OneLogin.
ii. Enter Sign-In Caption and Sign-In Caption Tooltip. This is shown on the sign-in page of the application.
iii. Click Next (>) icon.
6. In the Request Signing Certificate (X509) field, paste the Certificate which you copied in Step 15 of Configuration in OneLogin.
7. Similarly, in the SAMLP Request text box, paste the SAMLP Request provided below:
<samlp:AuthnRequest ID="_4d7cb64d-d38e-46fd-ac87-2671d4173eaf" Version="2.0" IssueInstant="2013-24-22T8:24:03Z" AssertionConsumerServiceURL="http://channel.domainname.com/Handlers/SignInHandler.ashx?" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://channel.domainname.com/</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" AllowCreate="true"/>
  <samlp:RequestedAuthnContext Comparison="exact">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Note: Replace [channel.domainname.com] with your Account/Channel URL. There are two instances of "channel.domainname.com" which need to be replaced with your URL.
Click the Next (>) icon to go to the next screen of the Corporate Login settings.
8. Finally, select the Enabled SAMLP Request checkbox and click on the Done link to complete the Corporate Login settings.
9. Now add the Identity Provider's domain as a trusted domain. To do this, enable the Trusted Domains feature by clicking on the Enable link on the Trusted Domains box.
10. Once you are on the Trusted Domains screen, do the following:
i. Enter *.onelogin.com as your Trusted Domain.
ii. Select the Allow embedding on above domain(s) only checkbox.
iii. Click on Done.
11. Click on Update to save the changes.
12. A message will appear on top of the screen stating: Channel details have been updated successfully.
After these settings have been updated, SSO is set up successfully using OneLogin.
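Step 7 of Configuration in VIDIZMO and its note require replacing both instances of channel.domainname.com in the SAMLP Request; a request edited in only one place leaves the Issuer and the AssertionConsumerServiceURL pointing at different hosts. The script below is an added example, not code from VIDIZMO or OneLogin: it fills in the template and checks the result before it is pasted. The function names and the host acme.example.com used to try it are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

PLACEHOLDER = "channel.domainname.com"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
HOSTNAME = re.compile(r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")
# SAMLP Request from step 7, with every value exactly as given on the page.
TEMPLATE = (
    '<samlp:AuthnRequest ID="_4d7cb64d-d38e-46fd-ac87-2671d4173eaf" Version="2.0" '
    'IssueInstant="2013-24-22T8:24:03Z" '
    'AssertionConsumerServiceURL="http://channel.domainname.com/Handlers/SignInHandler.ashx?" '
    'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> '
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'http://channel.domainname.com/</saml:Issuer> '
    '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" '
    'AllowCreate="true"/> '
    '<samlp:RequestedAuthnContext Comparison="exact"> '
    '<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    '</saml:AuthnContextClassRef> </samlp:RequestedAuthnContext> </samlp:AuthnRequest>'
)

def find_problems(request_xml: str, channel_host: str) -> list:
    """List what is wrong with a request that is about to be pasted into VIDIZMO."""
    try:
        root = ET.fromstring(request_xml)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    urls = {"AssertionConsumerServiceURL": root.get("AssertionConsumerServiceURL", ""),
            "Issuer": root.findtext("saml:Issuer", default="", namespaces=NS)}
    for name, url in urls.items():
        # Both URLs must name the same Account/Channel host.
        if urlsplit(url.strip()).hostname != channel_host:
            problems.append(f"{name} is {url!r}, expected host {channel_host}")
    if PLACEHOLDER in request_xml:
        problems.append(f"placeholder {PLACEHOLDER} is still present")
    return problems

def build_request(channel_host: str) -> str:
    """Return the step 7 request with both placeholder instances replaced."""
    host = channel_host.strip().lower()
    # Accept a bare host name only: no scheme, path, quotes or markup.
    if not HOSTNAME.fullmatch(host):
        raise ValueError(f"not a bare host name: {channel_host!r}")
    request_xml = TEMPLATE.replace(PLACEHOLDER, host)
    if problems := find_problems(request_xml, host):
        raise ValueError("; ".join(problems))
    return request_xml
```

Calling build_request("acme.example.com") returns the text to paste; find_problems can also be run on a request that was edited by hand.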
1. From the top menu bar, click on Sign In.
2. You will be redirected to the Sign In page. Click on the link to sign in to your Account/Channel.
3. You will be redirected to the Account/Channel's Homepage.