OneLogin

Overview

You can integrate Observo with your OneLogin to enable Single Sign-On (SSO). The initial step involves setting up an SAML app integration in OneLogin using the information provided on the Observo SSO page. Following this, you'll need to gather some information of saml application, utilizing them to configure SSO within Observo. Further details on these procedures are elaborated in the subsequent sections of the document.

Create OneLogin SAML application

To enable users to sign in using OneLogin, it is necessary to register your application as SAML app integration within OneLogin Admin Console. Follow the steps:

• Access the OneLogin Dashboard, navigate to Apps, and select Add Apps.

• Search for SAML and choose SAML Test Connector (IdP w/attr).

• Upon prompt, modify the Display Name for your app.

• Save your changes.

• Proceed to the SSO tab, and copy the values for SAML 2.0 Endpoint (HTTP) and SLO Endpoint (HTTP).

• Click the View Details link next to the X.509 Certificate field.

• Download the X.509 certificate.

Observo Auth Domain can be found in SSO page of Observo UI.

Create OneLogin Connection in Observo

Next, Proceed to create and set up an SAML Connection in Observo by navigating to Settings > SSO > Create SSO and select SAML as IdpType. Ensure that you have the SAML 2.0 Endpoint (HTTP), SLO Endpoint (HTTP) and X.509 certificate which were generated during the setup of your saml application in the OneLogin Admin Console. Use your orgs domains as Domain Aliases.

Configure OneLogin SAML

To complete the setup of the SAML application, the administrator will require the following details.

• Post-back URL: https://{AUTH_DOMAIN}/login/callback?connection={YOUR_CONNECTION_NAME}

• Entity ID: urn:auth0:{AUTH_TENANT}:{YOUR_CONNECTION_NAME}

• Single Logout service URL: https://{AUTH_DOMAIN}/logout

Observo Auth Domain can be found in SSO page of Observo UI.

First part of your period-separated Auth Domain corresponds is your AUTH_TENANT. For example if x.y.z.com is your Auth Domain, then x is your AUTH_TENANT.

Now, it's time to complete the necessary fields in the OneLogin SAML configuration. Find these fields in the configuration section of the newly created SAML app on OneLogin. Please fill in the following fields with the relevant details mentioned earlier.

Additionally, please provide a valid regular expression for the ACS (Consumer) URL Validator. For instance:

[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)

Observo identifies users through their email addresses. Therefore, it is mandatory for all users to provide an email address during registration. To accommodate this, we need to include email as a parameter in the SAML app of OneLogin and add the parameter to the SAML assertion. Make sure that you name the parameter Email and Include in SAML assertion flag is marked while creating.

After successfully completing all the aforementioned steps, Observo should be accessible with OneLogin as the Identity Provider.