## Create SAML application with OneLogin

This guide outlines the steps to create and configure a SAML application in OneLogin, including setup, user assignments, and metadata submission.

### Step 1: Create SAML application

1. Log in to your OneLogin application dashboard, click **Applications** in the top navigation, then click **Add App**.

   ![onelogin](/assets/onelogin-1.7c7aa5abd6184208698fe0010cb6f626ea19beefadbacc237c4950d490c1e551.dba07de7.png)

2. Search for **SAML custom** and choose **SAML Custom Connector**.

   ![onelogin](/assets/onelogin-2.5a0501a398a056ac7fd15789d83563be4d95fe5f5b1b3ba1fe70a37f73884802.dba07de7.png)

3. Add a **Display Name** for your application and click **Save**.

   ![onelogin](/assets/onelogin-3.660019edea4ab487dfec51caed665be6e70284e419aae1acc96414c2ab45025f.dba07de7.png)

4. Copy and paste the values into the relevant fields in the **Configuration** section.

   ![onelogin](/assets/onelogin-4.c7494ceaa74f7aa4ddf2ec42430f0a914366c538d0ea3d066b421df377836099.dba07de7.png)

   ![onelogin](/assets/onelogin-5.189216cafaefbec1bd4d7693725e2700b38aeb79feb45515bebc744df9abf159.dba07de7.png)

5. Scroll down to **SAML nameID format** and make sure that **Email** is selected.

   ![onelogin](/assets/onelogin-6.3dba39e57bc552b223e4a77be84fce432a765c7e2893d82c1e02bdd3aa4cb878.dba07de7.png)

### Step 2: Fill attribute statements (optional)

1. Go to the **Parameters (optional)** section and click the + sign to add new attributes:

   ![onelogin](/assets/onelogin-7.bb94d44f5f04cdbbe05fbcfbd9e93c27723c6d4f6975e45b6a5ea001b1cd13a0.dba07de7.png)

2. A **New Field** modal will open. The example below shows how to map the user's **memberOf** attribute as **groups** in the SAML response.

   ![onelogin](/assets/onelogin-8.08dc15a0a251e6670a45078e9f60b8abaf82e064acc4b7d6718e55c90fb8e04f.dba07de7.png)

3. After adding the Field name and selecting the checkbox, click **Save**. Select **MemberOf** under the **Value** dropdown and click **Save**.

4. Make sure that users who are assigned to the SAML application have their groups reflected in the **member of** field in user details.

   ![onelogin](/assets/onelogin-9.76ed358a8f61c014088a6e73850ce3f945323f60d151e32b25d2e7ea7870024a.dba07de7.png)

5. To add additional attributes such as **First Name** and **Last Name**, repeat the steps and add them as **firstName** and **lastName**.

   ![onelogin](/assets/onelogin-10.3abe6beebc3cffed9067840bdb2efe36e3b3954504a66bec5552cdce036d6e7b.dba07de7.png)

### Step 3: Assign users

1. Switch to the **Users** section and choose the user groups that you wish to assign to this application.

   ![onelogin](/assets/onelogin-11.70fb961742c7cd7acef34f334587120ad8108b3095eae919ec03adc9334259e2.dba07de7.png)

2. After choosing the user groups, click **Save**.

   ![onelogin](/assets/onelogin-12.f639e4d02280bae3f1fcc084068f3e281a8ab571bfd29064d8911cf4b3d0e0a1.dba07de7.png)

### Step 4: Submit metadata

To complete the implementation of SAML SSO, you need to provide the application with your identity provider’s details.

#### Automatic configuration

1. Click on the **SSO** section of the SAML app you just created.
2. Copy the **Issuer URL** and paste it below in the **IdP Metadata URL** field.

   ![onelogin](/assets/onelogin-13.efb679bac3a8525e5fd391b21be33244bf99286acd19ff17bc56c77e9ea51a26.dba07de7.png)

   ![onelogin](/assets/onelogin-14.42b404b40982623f6a5810936ce27b7bd4ca2b23a2f79570cfd244aad67c33e0.dba07de7.png)

#### Manual configuration

1. Click on the **SSO** tab of the SAML app you just created.
2. Click on **View Details** for the **X.509 Certificate** and paste the value below.
3. Copy the value of the **SAML 2.0 Endpoint** and paste it in the **SSO Endpoint** field below.

   ![onelogin](/assets/onelogin-15.05de2138c948a181354da566b064bcfd976cafcaa4fad9c200464268344b5850.dba07de7.png)

   ![onelogin](/assets/onelogin-16.6007ca9b9df24eebaeb151443a470ae3afe44ef229bb61b75a03102487883ccc.dba07de7.png)

### Step 5: Proceed with domain claiming and role assignment

1. Click on **Proceed with domain claiming and role assignment** to confirm the completion of the configuration of the IdP form.
2. Follow the instructions in the [Self-service SAML configuration](/ciam/guides/authentication/sso/self-service/saml#claim-domain) guide to complete this step and manage authorization.
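
To confirm the mapping from Steps 1 and 2 on a test login, the following added example (not part of the original guide or of OneLogin's tooling) checks a decoded assertion for the Email NameID format and the `groups`, `firstName` and `lastName` attributes. The sample assertion is constructed, and emitting groups as multiple `AttributeValue` elements is an assumption; the function name `check_assertion` is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EXPECTED_ATTRIBUTES = ("groups", "firstName", "lastName")  # names from Step 2

# Constructed sample assertion (not captured from OneLogin; values are placeholders).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>engineering</saml:AttributeValue>
      <saml:AttributeValue>admins</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text):
    """Return (attributes, problems) for one decoded SAML assertion.

    Configuration check only: it does not verify the XML signature, so its
    output must never be used to make an authentication decision.
    """
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in Subject")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID format is {name_id.get('Format')!r}, expected Email")
    attributes = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = [v for v in values if v]
    for name in EXPECTED_ATTRIBUTES:
        if not attributes.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    return attributes, problems

if __name__ == "__main__":
    attrs, problems = check_assertion(SAMPLE_ASSERTION)
    print(attrs)
    print(problems or "mapping matches Steps 1 and 2")
```

The sample deliberately omits `lastName`, so the check reports it as missing.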