Configuring SAML SSO for OneLogin

This guide walks through how to configure your account to use OneLogin as the SAML identity provider (IdP).

Create an App in OneLogin

  1. Go to the Administration Section
  2. Go to Apps -> Add App
  3. Find and select the "SAML Test Connector (IdP)" App
  4. Give your app a display name (e.g., Blueshift Dashboard)

Configuring the App in OneLogin

  1. Open a new browser tab and navigate to https://app.getblueshift.com/dashboard#/app/account/sso
  2. Copy the "Consumer Url"
  3. Go to the "Configuration" tab of the newly created OneLogin SAML app
  4. Paste the "ACS Consumer Url" from Blueshift into both the "ACS (Consumer) URL" input and the "Recipient" input of the OneLogin SAML app
  5. Copy the "Entity Id" from Blueshift and paste it into the "Audience" input of the OneLogin SAML app
  6. Enter https:\/\/app.getblueshift.com\/users\/auth\/saml\/callback into the "ACS (Consumer) URL Validator*" input of the OneLogin SAML app
  7. Click the "Save" button in OneLogin
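
The validator in step 6 is a regular expression, so it is worth checking what else it matches before saving. The Python check below is an added example, not part of Blueshift's or OneLogin's documentation; it assumes the pattern may be matched anywhere in the string (how OneLogin applies it is not stated on this page), and the look-alike URLs and function names are constructed for illustration.

```python
import re

# Values taken from this guide.
ACS_URL = "https://app.getblueshift.com/users/auth/saml/callback"
PAGE_VALIDATOR = r"https:\/\/app.getblueshift.com\/users\/auth\/saml\/callback"

# Constructed look-alike URLs (example.test is a reserved test domain).
LOOKALIKES = [
    "https://appXgetblueshift.com/users/auth/saml/callback",  # '.' matches any char
    "https://app.getblueshift.com/users/auth/saml/callback.example.test/x",  # trailing text
    "http://example.test/?r=https://app.getblueshift.com/users/auth/saml/callback",  # leading text
]


def strict_validator(acs_url):
    """Anchored pattern for exactly one URL; escapes '/' and '.' in the guide's style."""
    escaped = re.sub(r"[^A-Za-z0-9:_-]", lambda m: "\\" + m.group(0), acs_url)
    return "^" + escaped + "$"


def accepted(pattern, urls):
    """URLs the pattern accepts when matched anywhere in the string (assumed worst case)."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.search(u)]


def audit(pattern):
    """Return findings for a validator pattern before it is pasted into the IdP."""
    findings = []
    if not pattern.startswith("^"):
        findings.append("missing ^ anchor")
    if not pattern.endswith("$"):
        findings.append("missing $ anchor")
    if re.search(r"(?<!\\)\.", pattern):
        findings.append("unescaped '.' matches any character")
    if not re.search(pattern, ACS_URL):
        findings.append("does not match the real ACS URL")
    extra = accepted(pattern, LOOKALIKES)
    if extra:
        findings.append(f"accepts {len(extra)} look-alike URL(s)")
    return findings


if __name__ == "__main__":
    for name, pat in (("guide", PAGE_VALIDATOR), ("strict", strict_validator(ACS_URL))):
        print(name, pat, audit(pat) or "ok")
```

If the audit reports findings for the pattern you intend to save, compare it with the output of `strict_validator` and confirm with OneLogin's documentation how the validator field is evaluated.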

Configuring Blueshift For Single Sign On

  1. Go to the "SSO" tab of the OneLogin SAML app
  2. Click on "View Details" of the X.509 Certificate and copy the certificate
  3. Paste the certificate into the "X.509 Certificate" field in Blueshift
  4. Copy the "SAML 2.0 Endpoint (HTTP)" from OneLogin and paste it into the "
  5. Click the "Save" button in Blueshift

Using Single Sign On

  1. Once the SAML configuration is successfully saved, sign out of Blueshift.
  2. Sign back in to Blueshift via SAML by entering your email only (no password).
  3. The authentication process will automatically redirect you to sign in via the OneLogin application.

Important Note: In order to sign in to Blueshift, a user needs to be authenticated via a matching email and authorized to use the app by the Identity Provider. For example, if your email in Blueshift is john@example.com, then the OneLogin app also needs to have a user with an email of john@example.com associated with the Blueshift SAML app.

If you get locked out of your account while attempting to configure SAML single sign on, you can access the password based login via https://app.getblueshift.com/users/sign_in?pw=1.

Once you have signed in successfully via single sign-on, you should set Disable Passwords to true in Account Settings > SSO configuration tab. This ensures that the account is solely accessible via your identity provider.
