Skip to main content

OneLogin SSO

OneLogin SSO offers a seamless and secure way for users to access various applications with just one set of login credentials, enhancing both the user experience and organizational security. OneLogin SSO simplifies the login process by enabling users to access multiple applications, both web-based and on-premises, without needing to remember different usernames and passwords for each one.

Configure Settings in OneLogin Server

To configure settings in the OneLogin server, follow these steps:  

  1. Login to the Onelogin server > Apps > Add Apps.

  2. On the Search tab, search for SAML Application.

  3. Select SAML Test Connector (Idp). 

  4. Create a new app with the display name as SureMDM and click Save.

  5. Navigate to the Configuration tab and enter the following details:

  •  Relay State: \<BLANK>
  • Audience urn: 42gears:suremdm:SAML2ServiceProvider
  • Recipient: https:// (SureMDM Server Path)/console/ssoconsumer/(Encrypted MDM Account ID)
  • ACS (Consumer) URL Validator: https:// (SureMDM Server Path)/console/ssoconsumer/(Encrypted MDM Account ID)
  • ACS (Consumer) URL*: https:// (SureMDM Server Path)/console/ssoconsumer/(Encrypted MDM Account ID)
  • Single Logout URL: https:// (SureMDM Server Path)/console/ssoconsumer/(Encrypted MDM Account ID)
    note

    Admin should enter their SureMDM Server Path and Account ID into the above-mentioned URL. To get the encrypted account ID, follow these steps:

  1. Navigate to the SureMDM Console > Account Settings > Enterprise Integrations > SAML Single Sign-On.

  2. On the SAML Single Sign-On screen, locate the Assertion URL to get the Encrypted Account ID. :::

  3. Select the SSO tab and change the SAML Signature Algorithm to SHA -256 and click Save. 

  4. Download SAML Metadata from the More Actions section present at the top of the page. A certificate will be downloaded.

Configure Settings in SureMDM Web Console (OneLogin)

To configure SSO settings in SureMDM Web Console, follow these steps:

note

Log into SureMDM Web Console as a Superuser.

  1. Navigate to SureMDM Web Console > Settings (icon located at the top right of the screen) > Account Settings > Enterprise Integrations > SAML Single Sign-On.

  2. Configure Single Sign-On settings for OneLogin.

SettingsDescription
Enable Single Sign-OnSelect this option to allow configuring Single Sign-On settings.
Select Identity Provider (IdP)Select OneLogin.
Service Identifier

Enter the Service Identifier.

This value is present under EntityDescriptor > IDPSSODescriptor > SingleSignOnService (node with HTTP-Redirect binding) > Location

Fetch these values from the certificate downloaded in step no.7, Configure settings in onelogin server.

For example: https://app.onelogin.com/saml/metadata/651423

Sign On Service Url

Enter the Service Identifier Url. This value is present under the EntityDescriptor tag, entityID property of your metadata XML file.

For example: Example: https://42g.onelogin.com/trust/saml2/http-redirect/sso/651423

Fetch these values from the certificate downloaded in step no.7, Configure settings in onelogin server.

For example: https://42g.onelogin.com/trust/saml2/http-redirect/sso/651423*

Logout Service Url

Enter the URL for logout.

For example: https://mr54live.onelogin.com/trust/saml2/http-redirect/slo/1035857

RolesChoose an option for the Roles from the drop-down menu. To know more, see Configure Permissions for Role-Based Admin.
Device Group SetChoose an option for Device Group Set from the drop-down menu. To know more, see Configure Permissions for Device Group Set Based Admin
Jobs/Profiles Folder SetChoose an option for Device Group Set from the drop-down menu. To know more, see Configure Permissions for Job Folder Set Based Admin.
  1. Copy the text value present inside EntityDescriptor > KeyDescriptor > ds:KeyInfo > ds:X509Data > ds:X509 Certificate and save it in a file with the extension .cer. 

Alt text

  1. Click Upload Certificate to Upload cer file. 

    Keep the password field empty. If the Upload Certificate option is not visible and Download Certificate is visible instead, then delete the existing certificate and again upload the saved cer file.

  2. Login to OneLogin to log in to the 42Gears UEM server.

    For example:  https://42gears.suremdm.io/console/ssologin/(SureMDM Account ID)

note

Admins should enter their Server URL and Account ID into the above-mentioned URL.