How to setup SSO with OneLogin (SAML)

About this article

This article describes how an organization can set up SSO with OneLogin utilising SAML2 protocol. You will find the following main sections in this support article: 

• Configuring OneLogin
• Attribute Statements (Optional)
• Configuring Templafy

Prerequisites

Configuring OneLogin

1. Go to "Apps" and "Add Apps"
   
   
   
   
2. Search for "SAML"
3. Choose "SAML Test Connector (Advanced)"
   
   
   
   
4. Name it Templafy (and add an icon if you want)
5. Click Save
   
   
   
   
6. Go to "Configuration" an fill out the below SAML settings and hit "Save"

   SAML Settings

   
   

   Templafy One
   Metadata URL	https://app.templafy.com/AuthServices
   Audience /Recipient	https://app.templafy.com/AuthServices
   ACS (Consumer) URL Validator / ACS (Consumer) URL	https://app.templafy.com/AuthServices/Acs
   Login URL	https://CLIENTSUBDOMAIN.templafy.com
   Hash function to use for digital signing at IdP	SHA-256
   User Identifier	mail

   Templafy Hive
   Metadata URL	Prod0: https://templafyprod0.auth.templafy.com/auth/saml2/auth-services West Europe: https://templafyprod1.auth.templafy.com/auth/saml2/auth-services East US: https://templafyprod2.auth.templafy.com/auth/saml2/auth-services East Australia: https://templafyprod3.auth.templafy.com/auth/saml2/auth-services
   Audience/ Recipient	https://auth.templafy.com/auth/saml2/auth-services
   ACS (Consumer) URL Validator  / ACS (Consumer) URL	Prod0: https://templafyprod0.auth.templafy.com/auth/saml2/auth-services/Acs West Europe: https://templafyprod1.auth.templafy.com/auth/saml2/auth-services/Acs East US: https://templafyprod2.auth.templafy.com/auth/saml2/auth-services/Acs East Australia: https://templafyprod3.auth.templafy.com/auth/saml2/auth-services/Acs
   Login URL	https://CLIENTSUBDOMAIN.hive.templafy.com or https://CLIENTSUBDOMAIN.templafy.com
   Hash function to use for digital signing at IdP	SHA-256
   User Identifier	mail

   
   
   
7. Click "Parameters"
8. Click "The Plus Icon"
   
   
   
   
9. In "field name", write "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
10. Tick off "Include in SAML assertion"
11. Click "Save"
    
    
    
    
12. Click the newly created parameter
13. Set "Value" to "Email"
14. Click "Save"
    
    
    
    
15. Click "SSO"
16. Change "SAML Signature Algorithm" to "SHA-256"
17. Remember to "Save"
18. Copy "Issuer URL" and send it to Templafy
    
    

Attribute Statements (Optional)

For setting up additional claims please see the article below for information about the schema setup. This is to be configured under "Parameters" of this guide: Supported claims and clams rules

Configuring Templafy

1. Please provide Templafy with your "Issuer URL" found under "SSO" in the App settings.
2. The following are needed to configure Templafy and are available in the metadata.xml.

• Identity Provider Single Sign-On URL (HTTP-POST)
• Identity Provider Issuer
• X 509 Certificate

Related articles