OneLogin SSO
These are directions for configuration of SSO with OneLogin, from dmarcian.
The instructions are specific to a customer on the US instance, so if you are on a different region you must replace all instances of 'us.dmarcian.com' with 'eu.dmarcian.com' or similar for ca/ap/au/etc
Also replace instance of the number '888' with your own account ID number as shown in your SSO configuration page.
The instructions are specific to a customer on the US instance, so if you are on a different region you must replace all instances of 'us.dmarcian.com' with 'eu.dmarcian.com' or similar for ca/ap/au/etc
Also replace instance of the number '888' with your own account ID number as shown in your SSO configuration page.
Contact Onelogin support for further guidance
OneLogin SSO
- OneLogin: add an application: SAML Custom Connector (Advanced), give it a name and save
- OneLogin: under the app you just created, select More Actions -> SAML Metadata and save this file
- dmarcian: Preferences > SSO > Configure
- status: enabled
- Identity Provider Metadata: <select onelogin metadata file>
- Attribute Statements: email
- Save
- dmarcian: Manage Users
- Add users by email as needed
- OneLogin: under the apps configuration tab:
- Audience (Entity ID) = Add your entity ID:http://us.dmarcian.com/sso/saml/888/sp.xml
- Recipient: Add your ACS URL, this is required:http://us.dmarcian.com/login/888/handle/
- Under ACS (Consumer) URL Validator = Add a regex to force your ACS url - something like ^http:\/\/us.dmarcian.com\/login\/888\/handle\/$
- Under ACS (Consumer) URL = Add your ACS URL:http://us.dmarcian.com/login/888/handle/’
- Add the login url: http://us.dmarcian.com/login/888
- SAML signature element: at least Assertion, best to have both
- OneLogin: under the apps parameters tab:
- new Field
- name: email
- include in saml assertion: yes
- value from dropdown: Email
- new Field
Test login: via
http://us.dmarcian.com/login/888 or OneLogin portal.