Gathering Required URLs in Addigy
Before configuring everything in OneLogin, we must initiate a new SAML app to generate the two URLs we will be using further down in the article.
- First, ensure you are logged into Addigy as a user with privileges to create and modify Integrations.
- Navigate to Account >> Integrations
- In the Log In Options section, select New SAML App
- Copy down the Entity ID and the Assertion Consumer Service (ACS) URL in a separate document. We will need these for the next section.
Configuring OneLogin
Creating the app
- Log in to your OneLogin portal and select Applications. Then, choose Add App.
- In the search bar, type in SAML Custom Connector and choose the SAML Custom Connector (Advanced) option. Once there, you are welcome to change the logo and rename the app to something more identifiable. Then, click Save in the top-right.
Editing the Configuration
- Now that your app has been saved and created, navigate to the Configuration section. From here, we will need to insert the previously noted-down URLs into four separate fields, as numbered below.
1. Audience (EntityID): This will be your "Entity ID" from Addigy
2. Recipient: This will be your "Assertion Consumer Service (ACS) URL" from Addigy
3. ACS (Consumer) URL Validator: This will be a specially formatted version of your ACS URL. To format this URL properly, simply navigate to the below website and paste your ACS URL from Addigy. https://www.freeformatter.com/json-escape.html#before-output
4. ACS (Consumer) URL: This will be the same as your Recipient field, which is the ACS URL.
- Once all of the relevant URLs have been entered, scroll down to the SAML initiator field.
- If you are using Service Provider initiated (SP-initiated) SSO in your environment, set this field to Service Provider.
- If you are using IdP-initiated SSO, this field must be set to OneLogin. Setting the SAML initiator to Service Provider will prevent login from your IdP portal.
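The ACS (Consumer) URL Validator field is the one place in this setup that restricts where OneLogin will send a signed assertion, so it is worth seeing what the JSON-escape step actually produces. The following script is an added example, not part of this article or of Addigy's or OneLogin's own tooling. It reproduces the JSON-escaped form of a constructed ACS URL, builds a stricter anchored pattern as an alternative, and compares both against lookalike URLs. It assumes the validator field is evaluated as a regular expression, which is why an escaped slash (`\/`) matches a literal slash at all; the sample URL and the `/12345` path segment are made up for the example.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample value: the real ACS URL is the one copied from Addigy's
# New SAML App screen. The host and "/12345" segment are made up for this example.
SAMPLE_ACS_URL = "https://example.invalid/saml/acs/12345"


def json_escape_validator(acs_url: str) -> str:
    """Reproduce what the JSON-escape tool referenced in the article produces.

    json.dumps escapes quotes, backslashes and control characters but not
    forward slashes, so slashes are escaped by hand to match the tool's output.
    """
    escaped = json.dumps(acs_url)[1:-1]  # drop the surrounding double quotes
    return escaped.replace("/", "\\/")


def strict_validator(acs_url: str) -> str:
    """Stricter alternative pattern (assumption: OneLogin evaluates the
    validator field as a regular expression). Every regex metacharacter,
    including the dots in the hostname, is escaped and the pattern is anchored
    at both ends, so only the exact ACS URL matches."""
    return "^" + re.escape(acs_url) + "$"


def validator_accepts(validator: str, candidate_url: str) -> bool:
    """Evaluate a validator pattern against a candidate ACS URL as a regex."""
    return re.search(validator, candidate_url) is not None


def compare_validators(acs_url: str, candidates: List[str]) -> Dict[str, Tuple[bool, bool]]:
    """For each candidate URL, report (json_escape_accepts, strict_accepts)."""
    loose = json_escape_validator(acs_url)
    strict = strict_validator(acs_url)
    return {c: (validator_accepts(loose, c), validator_accepts(strict, c)) for c in candidates}


if __name__ == "__main__":
    # Constructed lookalikes: one where the unescaped '.' in the hostname acts as a
    # wildcard, and one with an extra path segment that an unanchored pattern still matches.
    probes = [
        SAMPLE_ACS_URL,
        "https://exampleXinvalid/saml/acs/12345",
        SAMPLE_ACS_URL + "/extra",
    ]
    print("JSON-escaped validator:", json_escape_validator(SAMPLE_ACS_URL))
    print("Strict validator:      ", strict_validator(SAMPLE_ACS_URL))
    for url, (loose_ok, strict_ok) in compare_validators(SAMPLE_ACS_URL, probes).items():
        print(f"{url}: json-escape={loose_ok} strict={strict_ok}")
```

The JSON-escaped form from the article works because the escaped slashes match literal slashes, but it leaves the hostname's dots as regex wildcards and is not anchored. If your OneLogin tenant accepts it, the anchored `strict_validator` output is the tighter setting; check it against your real ACS URL with `validator_accepts` before saving it, since a validator that rejects the true ACS URL produces exactly the login loop described in the FAQ below.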
Editing the Parameters
Three separate parameters will need to be created in order for Addigy to properly create a new user. To create a new parameter, simply click the plus button on the far right-hand side.
In each field name, simply mirror the information within the below screenshot. While creating each individual parameter, make sure the Include in SAML assertion flag is checked.
Downloading the Certificate and gathering the SSO URL
The last pieces of the puzzle are the certificate and the SSO URL, both found in the SSO section of the app configuration.
To download the certificate, click the blue View Details link.
This takes you to a separate page where you can download the X.509 PEM file.
In the same SSO section, copy the SAML 2.0 Endpoint (HTTP) URL and note that in a separate document.
Finalizing the Setup in Addigy
Now that everything is configured in OneLogin, upload the .pem certificate you downloaded from OneLogin into the Addigy SAML app. Then, paste the SAML 2.0 Endpoint (HTTP) URL into the SSO Url field.
If you are using IdP-initiated SSO, make sure to check the box to allow it.
FAQ
Q: How can I implement OneLogin with Addigy Identity?
A: OneLogin is currently not a supported IdP. Our supported Identity Providers include Okta, Google, and Azure.
Q: What is automatic user provisioning?
A: Automatic user provisioning will allow for the IdP to create new Addigy users with the default role defined in the SAML app settings within Addigy. If this setting is disabled, users without an account already pre-configured in Addigy will not be able to perform the SAML assertion.
Q: I keep getting looped back to the Addigy login page - why?
A: This is likely due to a misconfiguration. Ensure that you have double- and triple-checked the above settings and that the proper URLs are in the relevant fields. If any one piece is configured improperly, the login will not work.
If you have automatic user provisioning disabled, ensure that the user performing the SAML assertion has a user already in Addigy.
If you are leveraging IdP-initiated SSO, ensure the 'Allow IdP-Initiated SSO' box has been checked in Addigy and the SAML Initiator field is set to 'OneLogin' in OneLogin.
If it is still not working, kindly submit a support ticket with screenshots of your Addigy and OneLogin settings and we will be glad to take a look.