OneLogin SSO

OneLogin SSO offers a seamless and secure way for users to access various applications with just one set of login credentials, enhancing both the user experience and organizational security. OneLogin SSO simplifies the login process by enabling users to access multiple applications, both web-based and on-premises, without needing to remember different usernames and passwords for each one.


Configure Settings in OneLogin Server

To configure settings in the OneLogin server, follow these steps:  

1. Log in to the OneLogin server > Apps > Add Apps.

2. On the Search tab, search for SAML Application.

3. Select SAML Test Connector (Idp). 

4. Create a new app with the display name as SureMDM and click Save.

5. Navigate to the Configuration tab and enter the following details:

  • Relay State: <BLANK>
  • Audience urn: 42gears:suremdm:SAML2ServiceProvider
  • Recipient: https://(SureMDM Hub Server Path)/adminconsole/ssoconsumer/Hub ID
  • ACS (Consumer) URL Validator: https://(SureMDM Hub Server Path)/adminconsole/ssoconsumer/Hub ID
  • ACS (Consumer) URL*: https://(SureMDM Hub Server Path)/adminconsole/ssoconsumer/Hub ID
  • Single Logout URL: https://(SureMDM Hub Server Path)/adminconsole/ssoconsumer/Hub ID

Note:

The admin should replace (SureMDM Hub Server Path) and Hub ID in the URLs above with their own SureMDM Server Path and Hub ID.

6. Select the SSO tab, change the SAML Signature Algorithm to SHA-256, and click Save.

7. Download SAML Metadata from the More Actions section at the top of the page. A certificate will be downloaded.


Configure Settings in SureMDM Hub (OneLogin)

To configure SSO settings in SureMDM Hub, follow these steps:

1. Log in to the SureMDM Hub as a Superuser.

2. Navigate to SureMDM Hub > Account Management > Single Sign On.

3. Configure Single Sign-On settings for OneLogin.

  • Enable Single Sign-On: Select this option to allow configuring Single Sign-On settings.
  • Service Identifier: This value is present under EntityDescriptor > IDPSSODescriptor > SingleSignOnService (node with HTTP-Redirect binding) > Location

Fetch this value from the SAML metadata file downloaded in step 7 of Configure Settings in OneLogin Server.

For example: https://app.onelogin.com/saml/metadata/651423

  • Sign On Service Url: Enter the Service Identifier Url. This value is present under the EntityDescriptor tag, entityID property of your metadata XML file.

For example: https://42g.onelogin.com/trust/saml2/http-redirect/sso/651423

Fetch this value from the SAML metadata file downloaded in step 7 of Configure Settings in OneLogin Server.

  • Logout Service Url: Enter the URL for logout.

For example: https://mr54live.onelogin.com/trust/saml2/http-redirect/slo/1035857

  • Roles: Choose an option for the Roles from the drop-down menu. To learn more, see Create Roles for the Admin User.

4. Click Generate Certificate to generate a self-signed certificate on the server and make it ready for download.

or

Click Upload Certificate to upload another certificate. 

These options are available when no certificate is uploaded.

5. Once configured, click Save.
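
The metadata elements named in step 3 (the EntityDescriptor entityID and the SingleSignOnService node with the HTTP-Redirect binding) can be read out of the downloaded file with a script rather than copied by hand. This is an added example, not 42Gears or OneLogin code; the function names are hypothetical and the sample metadata is constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BIND = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample. The entityID and SSO URL reuse this page's examples; the
# HTTP-POST and logout URLs and the certificate bytes are made up.
CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://app.onelogin.com/saml/metadata/651423">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{CERT}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{BIND}HTTP-Redirect"
    Location="https://42g.onelogin.com/trust/saml2/http-redirect/slo/651423"/>
  <SingleSignOnService Binding="{BIND}HTTP-POST"
    Location="https://42g.onelogin.com/trust/saml2/http-post/sso/651423"/>
  <SingleSignOnService Binding="{BIND}HTTP-Redirect"
    Location="https://42g.onelogin.com/trust/saml2/http-redirect/sso/651423"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def redirect_location(idp, tag):
    """Return the https Location of the <tag> node with the HTTP-Redirect binding."""
    urls = [n.get("Location", "") for n in idp.findall(f"md:{tag}", NS)
            if n.get("Binding") == BIND + "HTTP-Redirect"]
    if not urls or not urls[0].startswith("https://"):
        raise ValueError(f"no https HTTP-Redirect {tag} in metadata")
    return urls[0]


def read_idp_metadata(xml_text):
    """Pull the entityID, redirect endpoints and certificate fingerprint from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None or not root.get("entityID"):
        raise ValueError("not SAML IdP metadata")
    cert = idp.findtext("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", "", NS)
    if not cert.strip():
        raise ValueError("no X509Certificate in metadata")
    return {"entityID": root.get("entityID"),
            "sso_redirect": redirect_location(idp, "SingleSignOnService"),
            "slo_redirect": redirect_location(idp, "SingleLogoutService"),
            "cert_sha256": hashlib.sha256(base64.b64decode(cert)).hexdigest()}
```

The `cert_sha256` value is the SHA-256 of the decoded certificate in the metadata, which can be compared with the fingerprint the identity provider displays for the same certificate.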