How to setup OneLogin as an Identity Provider

Please read How to setup Single Sign On (SAML) before following this guide.

1. Login to OneLogin as an Administrator
2. Click Administration in the top right
3. On the top navigation, click Applications and select Applications
4. Click the Add App button
5. In the Search box, enter "SAML Custom", and in the results select SAML Custom Connector (Advanced)
6. In the Display Name box, enter the name you want to show your users
7. Upload an appropriate logo for the Rectangular Icon and Square Icon
8. Optionally, add an appropriate description
9. Click Save to continue
10. On the left navigation, click Configuration
11. In the Audience (Entity ID) box, enter our Entity ID
12. In the Recipient box, enter our ACS URL
13. In the ACS (Consumer) URL Validator box, enter our ACS URL Validator
14. In the ACS (Consumer) URL box, enter our ACS URL
15. Set the SAML nameID format to 'Unspecified'
16. Set the SAML signature element to 'Assertion'
17. Click Save to continue
18. On the left navigation, click SSO
19. Set the SAML Signature Algorithm to “SHA-256”
20. Click Save to continue

In the next step, you need to get some information so you can add your Identity Provider to our app:

1. On the left navigation, click SSO
2. Copy and save the values for Issuer URL (i.e. Issuer) and SAML 2.0 Endpoint (HTTP) (i.e. Sign on URL)
3. Below X.509 Certificate, click View Details link
4. Download the Certificate (in "X.509 PEM" format) to your desktop

At this point we suggest you assign the app to a test user via the Users section (once you have tested it, you can assign all your users as needed).