• Home
• Login with External IDP
• OneLogin Single Sign-On

Configure OneLogin as SAML or OAuth IDP for SSO

---

miniOrange Identity Broker service solution enables cross protocol authentication. You can configure OneLogin as an IDP for Single Sign-On (SSO) into your applications/websites. Here, OneLogin will act as an Identity Provider (IDP) and miniOrange will act as a broker.

We offer a pre-built solution for integrating with OneLogin, making it easier and quick to implement. Our team can also help you set up OneLogin as SAML or OIDC IDP to login into your applications.

Follow the Step-by-Step Guide given below for OneLogin Single Sign-On (SSO)

1. Configure miniOrange as SP in OneLogin

Mentioned below are steps to configure OneLogin as IDP via SAML and OAuth configuration. Follow the steps accordingly based on your requirement (SAML or OAuth).

• SAML
• OAuth

• Go to miniOrange Admin console and navigate to Identity Providers in the left navigation menu. Then, click on Add Identity Provider button.



• In Choose Identity Provider, select SAML from the dropdown.



• Search for Onelogin in the list. If you don’t find it, search for SAML Provider and set up your application there.



• Now click on the Click here link to get miniOrange metadata as shown in Screen below.



• For SP -INITIATED SSO section, select Show Metadata Details.



• Then, click on Download Metadata.



• Now log in to OneLogin.
• Go to Apps >> Company Apps >> Add Apps from the Navbar.



• In the search box, type SAML Test Connector and click on the App to add it.



• Enter the display name and click on Save.
• Click on the Configuration Tab and enter the following details.

• Go to https://app.onelogin.com/login and log into your Onelogin account.
• You will be presented with following screen. Hover on Apps and then click on Add Apps.



• You will be shown a search list. Search for “OIDC” (OpenID Connect) and click on the search result as shown below.



• You will be shown a configuration screen. Fill the application name and other details as required then click on Save.



• To get the Redirect URL:
• Go to miniOrange Admin Console.
• From the left navigation bar select Identity Providers >> click Add Identity Provider.



• In Choose Identity Provider, select OAuth/OpenID from the dropdown.



• Search for Salesforce in the list. If you don’t find it, search for OAuth Provider and set up your application there.



• Keep the OAuth Callback URL as Redirect URL, required for next step.



• Back in OneLogin, you will be redirected to the app details page. Go to Configuration tab and enter Redirect URL from MO OAuth identity-provider page and click on Save.



• Go to SSO tab. There you will find the Client ID and Client Secret fields.



• Copy these credentials in MO OAuth App configuration page on corresponding fields.
• Make sure that you configure the Authorize Endpoint and ID Token Endpoint in the MO OAuth App correctly.

2. Configure OneLogin as IDP in miniOrange

• SAML
• OAuth

• Return to the miniOrange Admin Console (you should have kept it open from Step 1).
• Click on Import IDP metadata.



• Choose an appropriate IDP name. Enter the URL which you have saved in the previous step from OneLogin.
• Click on Import.



• As shown in the below screen the IDP Entity ID, SAML SSO Login URL and x.509 Certificate will be filled from the Metadata file we just imported.



• Click Save

Follow the steps to configure OneLogin as IdP by OAuth configuration.

• Return to the miniOrange Admin Console (you should have kept it open from Step 1).
• Enter the following values.

Display Name	Enter appropriate Name
Client ID	From step 1
Client secret	From step 1
Authorization Endpoint	https://{your-base-url}/as/authorization.oauth2
Token Endpoint	https://{your-base-url}/as/token.oauth2
User Info Endpoint (optional)	https://{your-base-url}/idp/userinfo.oauth2
Scopes	auto




• Click Save to apply the configuration.

3. Test Connection

• Visit your Login Page URL.
• Go to Identity Providers tab.
• Search for your app, click the three dots in the Actions menu, and select Test Connection against the Identity Provider (IDP) you configured.



• On entering valid OneLogin credentials (credentials of user assigned to app created in OneLogin), you will see a pop-up window which is shown in the below screen.



• Hence your configuration of OneLogin as IDP in miniOrange is successfully completed.

Configure Attribute Mapping

• Go to Identity Providers go to the Three dot (⋮) icon >> Attribute Mapping OneLogin as IdP.

• Attribute Type - USER
• Attribute Type - EXTERNAL

Maps information, such as email and username, during Just-In-Time (JIT) user creation. Email and Username attributes are necessary to create the user profile.

• Click on the + Add Attribute button to add the attribute fields.



• Check the attributes in the Test Connection window from the previous step. Choose any attribute names you want to send to your application under Attribute Name sent to SP.
• Enter the values of the attributes coming from IdP into the Attribute Name from IdP field on the Xecurify side.

EXTERNAL mappings help alter incoming attribute names before sending them to apps, ensuring that the data is in the correct format.

• Click on the + Add Attribute button to add the attribute fields.



• Check attributes in test connection window from last step. Enter the attribute names (any name) that you want to send to your application under Attribute Name sent to SP.
• Enter the value of attributes that are coming from IdP into the Attribute Name from IdP field on the Xecurify side.

External References

• Know why miniOrange is considered better than OneLogin
• Know more about Oracle EBS OneLogin SSO Integration