Configure SAML Single Sign-on with OneLogin

onelogin-2

Remembering passwords can prove to be a difficult task when you are using a large number of tools that require you to sign-in every time. Thankfully, with the help of the SAML technology, you can minimize the time you spend on trying to recover your password in Kanbanize.

In a previous post, we described the general steps needed to set up SAML integration between Kanbanize and your Identity Provider. We also gave concrete instructions for users of Azure AD as their IdP. Now, we’ll expand the list further by adding a step-by-step tutorial for another popular IDaaS (IDentity As A Service) provider – OneLogin. Here’s what you need to do to set up the integration:

1. From your OneLogin dashboard go to Apps > Company Apps

OneLogin setup step 1

2. Click the ‘Add App’ button in the upper right corner

3. Type ‘SAML’ in the search field and choose SAML Test Connector:

OneLogin setup step 3

4. Give the app a proper name and click ‘Save’:

OneLogin setup step 4

5. From the detailed app page, select the ‘Configuration’ tab:

OneLogin setup step 5

6. There you need to fill the following data:

RelayState: /ctrl_login/saml_login
Audience: https://{subdomain}.kanbanize.com/
(beware the / at the end)
Recipient: https://{subdomain}.kanbanize.com/saml/acs
ACS (Consumer) URL Validator: ^https:\/\/{subdomain}\.kanbanize\.com\/saml\/acs\/$
ACS (Consumer) URL: https://{subdomain}.kanbanize.com/saml/acs
Single Logout URL: https://{subdomain}.kanbanize.com/saml/sls

Everywhere replace {subdomain} with your Kanbanize account’ subdomain. For example, if you access Kanbanize at https://acme.kanbanize.com your subdomain is acme.

In the end, the form should look like this:

OneLogin setup step 6

7. Click ‘Save’ then go to the ‘Parameters’ tab

OneLogin setup step 7

8. Click ‘Add parameter’ in the lower right corner

9. A popup to configure the new field will appear. Enter EmailAddress for ‘Field name’ and tick ‘Include in SAML assertion’:

OneLogin setup step 9

10. Click ‘Save’. The popup will disappear and you’ll see the new field added to the list:

OneLogin setup step 10

11. Click it and a new popup will appear. From the dropdown, select Email for ‘Value’:

OneLogin setup step 11

12. Click ‘Save’ on the popup and then ‘Save’ in the upper right corner to save all the changes you made to the app so far.

(Optional: add two more fields that hold the user’s first and last names)

With this the setup in OneLogin is complete! It’s time to move on to Kanbanize. But before you do that, switch to the ‘SSO’ tab – it contains information that you will need:

OneLogin setup step 12

13. Now head over to your Kanbanize account, open the administration panel and select the integrations tab:

OneLogin setup step 13

14. Tick the ‘Enable SAML 2.0 Single Sign-On’ checkbox and fill the fields below with the info from OneLogin like this:

Issuer URL goes to IdP Entity Id
SAML 2.0 Endpoint (HTTP) goes to IdP Login Endpoint
SLO Endpoint (HTTP) goes to IdP Logout Endpoint (fill this only if you want to enable Single Logout, too)

15. Attribute name for Email is the name of the parameter that contains the user’s email. In our example, this is EmailAddress (If you added parameters for user’s first and last names, fill their names in the other two fields)

16. Back in OneLogin click ‘View Details’ under the certificate. A detailed page will open:

OneLogin setup step 16

17. Copy the full certificate and paste it in the respective field in Kanbanize. In the end, it should look similar to this:

OneLogin setup step 17

18. Click ‘Save Settings’ and you are almost done!

19. The only thing left is to give users of your IdP access to Kanbanize. Start by going back to OneLogin and selecting ‘Users’ > ‘All Users’.

20. Select a user and switch to the ‘Applications’ tab:

OneLogin setup step 20

21. Click the plus button in the upper right corner. A popup will appear – select the Kanbanize app and click ‘Continue’. You don’t need to change anything in the next popup so you can close it.

22. That’s it! Your user should now be able to login to Kanbanize through your OneLogin account!

Be sure to try the integration and don’t hesitate to contact our support if you have any trouble.

Leave a Reply

Your email address will not be published. Required fields are marked *