OneLogin Documentation from their marketplace can be found here: https://onelogin.zendesk.com/hc/en-us/articles/202361820-Configuring-Apps
- Account Admin permissions in OneLogin
- Account Admin permissions in Bridge
- Once you’re logged-in to your OneLogin account, navigate to the apps section of the administration interface.
- Search for “Bridge” (not “Bridge Learn”, which is deprecated and going away) in the ‘find applications’ section, then select ‘Add App’ once you’ve located Bridge in the search results.
- Click on Save.
- Select the SSO option at the top of the page.
- Copy the link shown in the “Issuer URL” field.
- This is your Identity Provider Metadata URL which you will copy into your Bridge Admin interface.
- In a new window or tab, log in to your Bridge instance as an administrator.
- Once logged into your Bridge Admin account, go to the Admin panel, and click on Account Management and then Account Settings.
- Select the option for Auth and, if you currently have a single sign-on system enabled, disable it at the bottom of the screen.
- Scroll down to the ‘SAML 2.0’ option and click ‘Enable’.
- On this screen, ensure that the correct checkboxes are selected for ‘Sign Authentication Requests’ and ‘Use Name Qualifiers on Entity IDs’.
- Make sure ‘IdP Provider Metadata URL’ is selected, paste the URL you copied from OneLogin into the ‘Identity Provider Metadata URL’ field, and add your desired ‘NameID Format URN’.
- This is most likely ‘urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified’.
- Click on the save button at the bottom of the page.
- Once the data fields at the bottom of the page have been populated, copy the text showing in the ‘Identity Provider UUID’ field.
- Go back to your open OneLogin tab or window and click on the ‘Configuration’ link towards the top.
- Paste the ‘Identity Provider UUID’ into the field on the page and click ‘Save’ on the upper right-hand side of the page.
- Click on the parameters link at the top of the section and ensure that the NameID that is passing across is the appropriate one, i.e. it matches the UID on the Bridge side.
- In a new incognito window, navigate to your Bridge URL and attempt to log in. If everything is set up correctly you should be dropped into your Bridge instance; if not, an error message should display.
- If you need assistance with this setup, please contact your CSM.
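Before pasting the Issuer URL into Bridge, it helps to look at what the metadata behind that URL actually advertises: a signing certificate (needed to verify the IdP's signed responses), HTTPS SSO endpoints, and the NameID format you intend to select. The script below is an added example, not part of this guide or of OneLogin's or Bridge's own tooling; the metadata document it parses is a constructed stand-in (the entity ID, app ID and certificate are placeholders), and fetching the real document from the Issuer URL is left to the reader.

```python
import xml.etree.ElementTree as ET

# XML namespaces used by SAML 2.0 metadata documents.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in for the document served at the "Issuer URL" (not real OneLogin output).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.onelogin.com/saml/metadata/EXAMPLE-APP-ID">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Data><ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data>
    </ds:KeyInfo></KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-org.onelogin.com/trust/saml2/http-redirect/sso/EXAMPLE-APP-ID"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-org.onelogin.com/trust/saml2/http-post/sso/EXAMPLE-APP-ID"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_idp_metadata(xml_text, wanted_nameid):
    """Pull out what the service provider needs from IdP metadata and list anything that would break SSO."""
    root = ET.fromstring(xml_text)
    report = {"entity_id": root.get("entityID"), "sso": {}, "problems": []}
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        report["problems"].append("no IDPSSODescriptor: this is not IdP metadata")
        return report
    # Keys usable for signing: use="signing", or no use attribute (which means signing and encryption).
    signing = [kd for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use", "signing") == "signing"]
    report["signing_certs"] = sum(len(kd.findall(".//ds:X509Certificate", NS)) for kd in signing)
    if report["signing_certs"] == 0:
        report["problems"].append("no signing certificate: IdP response signatures cannot be verified")
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    report["nameid_formats"] = formats
    if wanted_nameid not in formats:
        report["problems"].append(f"NameID format {wanted_nameid} not advertised by the IdP")
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding = svc.get("Binding", "").rsplit(":", 1)[-1]   # e.g. HTTP-Redirect, HTTP-POST
        report["sso"][binding] = svc.get("Location")
        if not (svc.get("Location") or "").startswith("https://"):
            report["problems"].append(f"{binding} SSO endpoint is not served over https")
    if not report["sso"]:
        report["problems"].append("no SingleSignOnService endpoint: nowhere to send AuthnRequests")
    return report
```

An empty `problems` list means the metadata carries everything the Bridge settings above ask for; a non-empty one tells you what to fix on the OneLogin side before testing the login.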