This article is to be used in conjunction with Adding a New SAML Authenticator & Enabling Single Sign On
- Sign in to OneLogin as a OneLogin Administrator.
- Navigate to and click on Applications on the navigation menu.
- Search for SAML, and select SAML Test Connector (IdP w/ attr w/ sign response).
- Under Configuration, input the following information:
- Leave RelayState blank
- Under Audience, enter the ServiceProvider value as it will be set in Intelligencebank Authenticator page. e.g. IB
- Under Recipient, enter the platform URL and append /auth at the end of it.
- Under ACS (Consumer) URL Validator, enter .*
- Under ACS (Consumer) URL, enter the platform URL and append /auth?acs at the end of it.
- Under Single Logout URL, enter the platform URL and append /auth?sls at the end of it.
- Under SSO, copy and paste the following information into IntelligenceBank's Authenticators area, under a new authenticator:
- Issuer URL into Name and Host.
- SAML 2.0 Endpoint (HTTP) into Remote URl (only require if users are to access IntelligenceBank from another location, e.g. your intranet or the OneLogin portal, via Single Legged authentication).
- SLO Endpoint (HTTP) into SingleLogoutService.
- Under X.509 Certificate field, click View Details. Copy and paste X.509 Certificate value into CertData, and Fingerprint value into CertFingerprint.
- Add the users that should be able to login to IntelligenceBank under Users.
- You can set the values to be passed on in the assertion, including a Permission Group Mapping field under Parameters. Make sure Email (SAML NameID) is enabled.
- In IntelligenceBank, when ready to turn the Authenticator on, update it to "Disabled" = Off. All users will be enabled as SSO Users by default. To disable SSO authentication for select users, go to their user profile, and enable the IntelligenceBank Login option.
Please sign in to leave a comment.