About OneLogin SAML Integration
Single Sign-On with OneLogin (SAML) in Iru Endpoint lets you set up SAML-based SSO integration with OneLogin for users accessing Iru Endpoint through their OneLogin credentials.How It Works
OneLogin SAML integration lets users authenticate to Iru Endpoint using their existing OneLogin credentials. Once configured, users can access Iru Endpoint through a single sign-on experience. The integration works by establishing a trusted relationship between Iru Endpoint and OneLogin, where OneLogin acts as the identity provider (IdP) and Iru Endpoint acts as the service provider (SP). When users attempt to access Iru Endpoint, they’re redirected to OneLogin for authentication, and upon successful login, OneLogin sends a SAML assertion back to Iru Endpoint confirming the user’s identity.Setting Up the SAML Connection
1
Navigate to the Account Menu Button
In Iru Endpoint, in the sidebar, click the Account Menu Button.
2
Access Authentication Settings
Click the Access option in the menu.
3
Add New Connection
Select the Admin and Authentication tab (selected by default) and scroll down to Authentication methods.
4
Add Authentication Method
Click + Authentication Method, then enter a display name for the SSO Connection and select SAML.
5
Create Connection
Click Create.
6
Configuration Information
Click Configuration information if that section is not already expanded.
7
Copy Required URLs
Copy the Assertion Consumer Service URL and the Entity ID and save them in a text document for later use.
8
Keep Tab Open
Leave this tab open, and continue to the OneLogin instructions below.
Use the SAML Custom Connector (Advanced) when setting up OneLogin integration with Iru.
Configuring OneLogin Application
1
Create New Application
In OneLogin, create a new app using the Add SAML Custom Connector (Advanced) app. Navigate to:For any basic steps not covered here, use the original documentation for the process.
2
Set Name and Icons
Set the name and icons for the app, then click Save.
3
Open Configuration Tab
Click the Configuration tab.
4
Configure Entity ID and ACS URL
Paste the Iru Entity ID (Service provider entity ID) into the Audience (EntityID) field. Paste the Iru ACS URL (Assertion consumer service URL) into the Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL fields.
5
Configure SAML Initiator
Set the SAML initiator to OneLogin.
6
Set Name ID Format
Set the SAML nameID format to Email.
7
Set Issuer Type
Set the SAML issuer type to Generic.
8
Set Signature Element
Set the SAML signature element to Assertion.
9
Configure Parameters
Click the Parameters tab and ensure that the Name ID value is set to Email.
10
Configure SSO Settings
Click the SSO tab and set the SAML Signature Algorithm to SHA-256.
11
Copy Issuer URL
Copy the Issuer URL and save it. You will paste this into the IdP Entity ID field in Iru Endpoint.
12
Copy SAML Endpoint URL
Copy the SAML 2.0 Endpoint (HTTP) URL and save it. You will use this for the IdP Single Sign-on URL in the Iru configuration.
Configuring Iru Endpoint SAML Connection
1
Return to Iru Endpoint
Open the SSO connection configuration in Iru Endpoint.
2
Set Connection Name
Set the Connection Name to OneLogin.
3
Add IdP Entity ID
Paste the Issuer URL you copied from OneLogin into the IdP Entity ID field.
4
Add Sign In URL
Paste the SAML 2.0 Endpoint (HTTP) URL you copied from OneLogin into the IdP Single Sign-on URL field.
5
Configure Request Settings
Leave the default settings for request configuration.
6
Set Response Signature Verification
Set Response Signature Verification to Assertion.
7
Save Connection
Click Save.
Allow for Tenant Authentication
Once you have configured the SAML connection in Iru Endpoint and your identity provider, you can allow its use for tenant authentication. For step-by-step instructions, please refer to the Allowing Tenant Authentication and Managing Connections section in our Single Sign-on support article.Enforcing Single Sign-On
Once you have configured at least one Single Sign-on connection, you can disable Passkey, Google Social, and Microsoft Social connections. Disabling these connections will disable the ability for Iru Endpoint administrators in your tenant to authenticate via those methods. Please refer to our Single Sign-on support article for step-by-step instructions.Testing the Integration
1
Add Test User
Add a test user to the Admin Team in Iru Endpoint by clicking New User.
2
Configure User Information
Fill in all of the corresponding user information. This user must exist in OneLogin and must be assigned to the Iru Endpoint SSO app in your OneLogin tenant.
3
Submit User
Click Submit.
4
Close Invite Window
Once the invite is submitted, close the Invite User window.
5
Refresh Access Page
Refresh the Access page in Iru Endpoint. You should see the user you added.
6
Test SSO Login
Go to the user’s email to accept the invite and log in with the new SAML SSO connection.