• Home
• Login with External IDP
• OneLogin Single Sign-On

Configure OneLogin as SAML or OAuth IDP for SSO

---

miniOrange Identity Broker service solution enables cross protocol authentication. You can configure OneLogin as an IDP for Single Sign-On (SSO) into your applications/websites. Here, OneLogin will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with OneLogin, making it easier and quick to implement. Our team can also help you set up OneLogin as SAML or OIDC IDP to login into your applications.

Follow the Step-by-Step Guide given below for OneLogin Single Sign-On (SSO)

1. Configure miniOrange as SP in OneLogin

Mentioned below are steps to configure OneLogin as IDP via SAML and OAuth configuration. Follow the steps accordingly based on your requirement (SAML or OAuth).

• SAML
• OAuth

• Go to miniOrange Admin console and navigate to Idenity Providers in the left navigation menu. Then, click on Add Identity Provider button.



• Now click on the Click here link to get miniOrange metadata as shown in Screen below.



• For SP -INITIATED SSO section Select Show Metadata Details.



• Click on Download Metadata



• Log in to OneLogin.
• Go to Apps >> Company Apps >> Add Apps from the Navbar.


• In the search box, type SAML Test Connector and click on the App to add it.


• Enter the display name and click on Save.
• Click on the Configuration Tab and enter the following.

• Go to https://app.onelogin.com/login and log into your Onelogin account.
• You will be presented with following screen. Hover on Apps and then click on Add Apps.



• You will be shown a search list. Search for “OIDC” (OpenID Connect) and click on the search result as shown below.



• You will be shown a configuration screen. Fill the application name and other details as required then click on Save.



• To get the Redirect URL:
• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Provider. Select Oauth





• Copy the Callback URL as Redirect URL required for next step.



• Back in OneLogin, you will be redirected to the app details page. Go to Configuration tab and enter Redirect URL from MO OAuth identity-provider page and click on Save.



• Go to SSO tab. There you will find the Client ID and Client Secret fields.



• Copy these credentials in MO OAuth App configuration page on corresponding fields.
• Make sure that you configure the Authorize Endpoint and ID Token Endpoint in the MO OAuth App correctly.

2. Configure OneLogin as IDP in miniOrange

• SAML
• OAuth

• Go to miniOrange Admin Console .
• From the left navigation bar select Identity Provider.
• Click on Add Identity Provider button.



• Select SAML. Click on Import IDP metadata.



• Choose an appropriate IDP name. Enter the URL which you have saved in the previous step from OneLogin.
• Click on Import.



• As shown in the below screen the IDP Entity ID, SAML SSO Login URL and x.509 Certificate will be filled from the Metadata file we just imported.



• Click Save

Follow the steps to configure OneLogin as IdP by OAuth configuration.

• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Provider. Select Oauth





• Enter the following values.

IdP Name	Custom Provider
IdP Display Name	Choose appropriate Name
OAuth Authorize Endpoint	https://{your-base-url}/as/authorization.oauth2
OAuth Access Token Endpoint	https://{your-base-url}/as/token.oauth2
OAuth Get User Info Endpoint (optional)	https://{your-base-url}/idp/userinfo.oauth2
Client ID	From step 1
Client secret	From step 1
Scope	auto

3. Test Connection

• Visit your Login Page URL.
• Go to Identity Providers tab.
• Click on Select >> Test Connection option against the Identity Provider (IDP) you configured.



• On entering valid OneLogin credentials (credentials of user assigned to app created in OneLogin), you will see a pop-up window which is shown in the below screen.



• Hence your configuration of OneLogin as IDP in miniOrange is successfully completed.

Configure Attribute Mapping

• Go to Identity Providers >> View Identity Providers >> Your configured OneLogin as IdP.
• Now click on Select and then Configure Attribute Mapping of your application.

• Attribute Type - USER
• Attribute Type - EXTERNAL

Maps information, such as email and username, during Just-In-Time (JIT) user creation. Email and Username attributes are necessary to create the user profile.

• Click on the + Add Attribute button to add the attribute fields.



• Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
• Enter the values of the attributes coming from IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

• Click on the + Add Attribute button to add the attribute fields.



• Check attributes in test connection window from last step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
• Enter the value of attributes that are coming from IdP into the Attribute Name from IdP field on the Xecurify side.

External References

• Know why miniOrange is considered better than OneLogin
• Know more about Oracle EBS OneLogin SSO Integration