
Create SAML application with OneLogin

This guide outlines the steps to create and configure a SAML application in OneLogin, including setup, user assignments, and metadata submission.


Step 1: Create SAML application

  1. Log in to your OneLogin application dashboard, click Applications in the top navigation, and then click Add App.
  2. Search for SAML custom and choose SAML Custom Connector.
  3. Add a Display Name for your application and click Save.
  4. Copy and paste the values into the relevant fields in the Configuration section.
  5. Scroll down to SAML nameID format and make sure that Email is selected.

Step 2: Fill attribute statements (optional)

  1. Go to the Parameters (optional) section and click the + sign to add new attributes.
  2. A New Field modal will open. The example below shows how to map the user's memberOf attribute as groups in the SAML response.
  3. After adding the Field name and selecting the checkbox, click Save. Select MemberOf under the Value dropdown and click Save.
  4. Make sure that users who are assigned to the SAML application have their groups reflected in the Member Of field in their user details.
  5. To add additional attributes such as First Name and Last Name, repeat the steps and add them as firstName and lastName.

Step 3: Assign users

  1. Switch to the Users section and choose the user groups that you wish to assign to this application.
  2. After choosing the user groups, click Save.

Step 4: Submit metadata

To complete the implementation of SAML SSO, you need to provide the application with your identity provider’s details.

Automatic configuration

  1. Click on the SSO section of the SAML app you just created.
  2. Copy the Issuer URL and paste it below in the IdP Metadata URL field.


Manual configuration

  1. Click on the SSO tab of the SAML app you just created.
  2. Click on View Details for the X.509 Certificate and paste the value below.
  3. Copy the value of the SAML 2.0 Endpoint and paste it in the SSO Endpoint field below.


Step 5: Proceed with domain claiming and role assignment

  1. Click on Proceed with domain claiming and role assignment to confirm the completion of the configuration of the IdP form.
  2. Follow the instructions in the Self-service SAML configuration guide to complete this step and manage authorization.
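
Once the configuration is complete, a test login's SAMLResponse can be checked against the settings from Steps 1 and 2. The following is an added example, not part of this guide or of OneLogin's tooling: it confirms that the NameID format is Email and that the groups, firstName and lastName attributes arrive with values. The function names are hypothetical, the sample response is constructed, and it assumes the Email option emits the standard emailAddress NameID format URN; it inspects configuration only and does not verify the assertion's signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EXPECTED_ATTRS = ("groups", "firstName", "lastName")  # field names used in Step 2

def check_saml_response(b64_response):
    """Return configuration problems found in a base64-encoded SAMLResponse."""
    xml_bytes = base64.b64decode(b64_response)
    # Refuse DTDs and entity declarations before handing the bytes to the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML response")
    root = ET.fromstring(xml_bytes)
    problems = []
    # Step 1: the NameID format must be Email.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("no NameID in assertion")
    elif name_id.get("Format") != EMAIL_FORMAT:
        problems.append(f"NameID format is {name_id.get('Format')!r}, expected Email")
    # Step 2: every mapped attribute must be present with at least one value.
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v.strip()]
    for name in EXPECTED_ATTRS:
        if name not in attrs:
            problems.append(f"attribute {name!r} missing")
        elif not attrs[name]:
            problems.append(f"attribute {name!r} present but empty")
    return problems

def build_sample(name_id_format, attributes):
    """Build a constructed, unsigned sample response (not real IdP output)."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for n, vals in attributes.items()
    )
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:Subject><saml:NameID Format="{name_id_format}">user@example.com'
        "</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()
```

An empty list from `check_saml_response` means the response matches the settings above; a "present but empty" result for groups usually points back to the user's Member Of field in Step 2.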