About OneLogin SAML Integration
Single Sign-On with OneLogin (SAML) in Iru Endpoint allows you to set up SAML-based SSO integration with OneLogin, providing secure authentication for users accessing Iru Endpoint through their OneLogin credentials.
How It Works
OneLogin SAML integration allows your users to authenticate to Iru Endpoint using their existing OneLogin credentials. Once configured, users can access Iru Endpoint through a single sign-on experience, eliminating the need for separate passwords and improving security through centralized authentication.
The integration works by establishing a trusted relationship between Iru Endpoint and OneLogin, where OneLogin acts as the identity provider (IdP) and Iru Endpoint acts as the service provider (SP). When users attempt to access Iru Endpoint, they’re redirected to OneLogin for authentication, and upon successful login, OneLogin sends a SAML assertion back to Iru Endpoint confirming the user’s identity.
Setting Up the SAML Connection
1
Navigate to Settings
Navigate to the Settings page.
2
Access Authentication Settings
Click the Access tab.
3
Add New Connection
Find the Authentication section and click the Add button at the bottom left of the authentication section.
4
Select SAML Connection
In the new blade, select the Custom SAML connection option.
5
Continue Setup
Click Next.
6
Show Advanced Details
Click Show Advanced Details.
7
Copy Required URLs
Copy the contents of the Assertion Consumer Service URL, and copy the part of the Entity ID that comes after the urn:auth0:-prod: portion of the string.
8
Keep Tab Open
Leave this tab open, and continue to the OneLogin instructions below.
Configuring OneLogin Application
1
Navigate to OneLogin
Navigate to the following OneLogin configuration page, or find the Iru Endpoint app in the catalog:
2
Save Application
Click the Save button in the upper right hand corner.
3
Open Configuration Tab
Click on the Configuration tab.
4
Configure ACS URL
Paste in the Assertion Consumer Service URL you previously copied in the Consumer (ACS) URL field.
5
Configure Entity ID
Paste the ending of the Entity ID you previously copied into the Iru Endpoint Connection Name field. Note: enter only the part after “urn:auth0:kandji-prod:”.
6
Configure Encryption (EU Tenants Only)
For EU tenants only: Copy the contents of the encryption certificate below and paste it into the Public Key box in the SAML Encryption section. If you have a US tenant, you can skip this step and continue to step 7.
7
Save Configuration
Click Save.
8
Configure SSO Settings
Click on the SSO tab.
9
Set Signature Algorithm
Change the signature algorithm to SHA-256.
10
Copy Sign In URL
Copy the Sign In URL, under SAML 2.0 Endpoint (HTTP).
11
Copy Sign Out URL
Copy the Sign Out URL, under SLO Endpoint (HTTP).
12
Save SSO Settings
Click Save in the upper right-hand corner.
13
View Certificate Details
Click View Details under the certificate section in the SSO tab.
14
Download Certificate
Download the certificate in X.509 PEM format.
15
Assign Users
You may now assign users to this OneLogin application and close the tab.
Configuring Iru Endpoint SAML Connection
1
Set Connection Name
Set the Connection Name to OneLogin.
2
Configure Sign In URL
Paste in the Sign In URL you copied from OneLogin.
3
Configure Sign Out URL
Paste in the Sign Out URL you copied from OneLogin.
4
Upload Certificate
Upload the Certificate you downloaded from OneLogin.
5
Save Connection
Save the connection (do not modify any other settings).
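A pre-flight check for the values copied between the two consoles in the steps above, as an added example that is not part of the Iru Endpoint or OneLogin documentation: it derives the Connection Name from the Entity ID, rejects Sign In or Sign Out URLs that are not HTTPS, and computes the SHA-256 fingerprint of the downloaded PEM so it can be compared with the fingerprint the IdP shows for the certificate, where one is displayed. The function names and sample values are constructed for illustration; the prefix is the one quoted in the OneLogin step, and the sample certificate body is placeholder bytes rather than a valid X.509 certificate.

```python
import base64
import hashlib
import ssl
from urllib.parse import urlsplit

# Prefix quoted in the OneLogin step above; assumed to apply to your tenant.
ENTITY_ID_PREFIX = "urn:auth0:kandji-prod:"

# Constructed sample values, not real tenant data. The "certificate" body is
# placeholder bytes: enough to exercise the PEM handling, not a valid X.509.
SAMPLE_ENTITY_ID = "urn:auth0:kandji-prod:example-connection"
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

def connection_name(entity_id: str, prefix: str = ENTITY_ID_PREFIX) -> str:
    """Return the part of the Entity ID that goes in the Connection Name field."""
    entity_id = entity_id.strip()
    if not entity_id.startswith(prefix):
        raise ValueError(f"Entity ID does not start with {prefix!r}")
    name = entity_id[len(prefix):]
    if not name or any(c.isspace() for c in name):
        raise ValueError("nothing usable after the prefix")
    return name

def require_https(label: str, url: str) -> str:
    """Reject endpoints that would carry SAML messages over plain HTTP."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{label} must be an absolute https:// URL")
    return url

def cert_sha256_fingerprint(pem: str) -> str:
    """Colon-separated SHA-256 fingerprint of a PEM holding one certificate."""
    if "PRIVATE KEY" in pem:
        raise ValueError("file contains a private key; upload only the certificate")
    if pem.count("-----BEGIN CERTIFICATE-----") != 1:
        raise ValueError("expected exactly one certificate block")
    der = ssl.PEM_cert_to_DER_cert(pem.strip())  # base64-decodes the PEM body
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())

if __name__ == "__main__":
    print(connection_name(SAMPLE_ENTITY_ID))
    print(require_https("Sign In URL", "https://idp.example.com/saml/sso"))
    print(cert_sha256_fingerprint(SAMPLE_PEM))
```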
Enable the SAML Connection
Once you have configured the SAML connection in both Iru Endpoint and your identity provider, you can now enable the connection. Please refer to our Single Sign-On support article for step-by-step instructions.
Enforcing Single Sign-On
Once you have configured at least one Single Sign-On connection, you can disable the Standard Authentication connection. Disabling Iru Endpoint standard authentication will disable the ability for Iru Endpoint administrators in your tenant to authenticate via Email/Password, Google Sign in, or Office 365 Sign in. Please refer to our Single Sign-On support article for step-by-step instructions.
Testing the Integration
1
Add Test User
Add a test user to the Admin Team in Iru Endpoint by clicking New User.
2
Configure User Information
Fill in all of the corresponding user information. This user must exist in OneLogin and must be assigned to the Iru Endpoint SSO app in your OneLogin tenant.
3
Submit User
Click Submit.
4
Close Invite Window
Once the invite is submitted, close the Invite User window.
5
Refresh Access Page
Refresh the Access page in Iru Endpoint. You should see the user you added.
6
Test SSO Login
Go to the user’s email to accept the invite and log in with the new SAML SSO connection.