# OneLogin

In order to use OneLogin as an Identity Provider, we need to set up a new application. To do so, navigate to the OneLogin administration, hover over *Applications* in the navigation bar, and click on *Applications*:

![](https://3540922554-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MCgLna4UJl6eHa3oXzy%2F-MCgMtpSqO_ehjWOOacW%2Fimage.png?alt=media\&token=3f74d282-05af-4434-9238-4416dce987d7)

Click on the *Add App* button:

![](https://3540922554-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MCgLna4UJl6eHa3oXzy%2F-MCgPJfSdIKboBDGELVB%2Fimage.png?alt=media\&token=0fc67e46-1f09-41da-aa81-ee70280cccac)

In the list of applications, search for "saml" and click on the item *SAML Test Connector (IdP w/ attr w/ sign response)*:

![](https://3540922554-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MCgLna4UJl6eHa3oXzy%2F-MCgQWe8vkBlaWFulANW%2Fimage.png?alt=media\&token=68966734-6180-45a9-9a17-f844499f1e31)

Choose a descriptive name for your application and click the *Save* button:

![](https://3540922554-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MCgLna4UJl6eHa3oXzy%2F-MCgQmC7wfZdlgwiywNv%2Fimage.png?alt=media\&token=3c5172f6-e28d-4255-80f2-9cc196c6c6d9)

Click the *Configuration* tab:

![](https://3540922554-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MCgLna4UJl6eHa3oXzy%2F-MCgR-Zf5YpLickw8CWA%2Fimage.png?alt=media\&token=94311134-7096-4dbd-a21b-b9d2ded83e5b)

Refer to the [endpoints section in the Single Sign On article](https://olddocs.exivity.io/3.4.3/advanced/integrate/sso/..#endpoints) for how to obtain the endpoint values. Fill in these fields:

| Field                        | Value                                 |
| ---------------------------- | ------------------------------------- |
| Audience                     | *Entity ID / Metadata URL* endpoint   |
| Recipient                    | *Assertion Consumer Service* endpoint |
| ACS (Consumer) URL Validator | `.*` (or specify a custom RegEx)      |
| ACS (Consumer) URL           | *Assertion Consumer Service* endpoint |
| Single Logout URL            | *Single Logout Service* endpoint      |
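
The `.*` value for *ACS (Consumer) URL Validator* in the table above accepts any ACS URL. As an added example (not from the Exivity or OneLogin documentation), this script builds an anchored, escaped pattern for a single endpoint and compares what each pattern accepts. `ACS_URL` and the candidate URLs are constructed placeholders, and standard regular-expression syntax is assumed for the validator field.

```javascript
// Added example, not part of the Exivity or OneLogin documentation.
// ACS_URL is a hypothetical placeholder: use your own
// Assertion Consumer Service endpoint here.
const ACS_URL = "https://exivity.example.com/v1/auth/saml/acs";

// Escape regex metacharacters so the URL is matched literally.
function escapeRegex(text) {
  return text.replace(/[.*+?^${}()|[\]\\\/]/g, "\\$&");
}

// Build an anchored pattern that matches exactly one HTTPS ACS URL.
function buildAcsValidator(acsUrl) {
  const url = new URL(acsUrl); // throws on malformed input
  if (url.protocol !== "https:") {
    throw new Error("ACS URL must use https");
  }
  return "^" + escapeRegex(acsUrl) + "$";
}

// Return the candidate URLs that a validator pattern would accept.
function acceptedBy(pattern, candidates) {
  const re = new RegExp(pattern);
  return candidates.filter((candidate) => re.test(candidate));
}

// Constructed sample values: the real endpoint plus four near misses.
const CANDIDATES = [
  ACS_URL,
  "http://exivity.example.com/v1/auth/saml/acs", // plain http
  "https://exivityXexample.com/v1/auth/saml/acs", // "." treated as wildcard
  "https://exivity.example.com.other.test/v1/auth/saml/acs", // host suffix
  "https://exivity.example.com/v1/auth/saml/acs/extra", // trailing path
];

const strict = buildAcsValidator(ACS_URL);
console.log("validator:", strict);
console.log(".* accepts:", acceptedBy(".*", CANDIDATES).length);
console.log("unescaped accepts:", acceptedBy("^" + ACS_URL + "$", CANDIDATES).length);
console.log("strict accepts:", acceptedBy(strict, CANDIDATES).length);
```

The string returned by `buildAcsValidator` is the custom RegEx to try in the validator field in place of `.*`, under the syntax assumption stated above.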

{% hint style="warning" %}
You need to add the OneLogin domain for your organisation to the [CORS whitelist](https://olddocs.exivity.io/3.4.3/security#cross-origin-resource-sharing-cors) as well.
{% endhint %}

Now, we have to copy and paste some values *from* our OneLogin application into the Exivity instance Single Sign-on settings. In OneLogin, click on the SSO tab:

![](https://3540922554-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MCgX5IrWa1K6KDSFRER%2F-MCgX6X7nXbzOB3QWwqd%2Fimage.png?alt=media\&token=51b3230f-4cf7-4804-9f2f-c6ad4e735b55)

In a separate browser tab, open the Exivity SAML settings (see [SAML configuration](https://olddocs.exivity.io/3.4.3/advanced/integrate/sso/..#saml-configuration)) and copy over the following settings:

| Exivity configuration value | OneLogin field           |
| --------------------------- | ------------------------ |
| Entity ID                   | Issuer URL               |
| SSO URL                     | SAML 2.0 Endpoint (HTTP) |
| SLO URL                     | SLO Endpoint (HTTP)      |

Now, let's set up the OneLogin certificate in Exivity. Under the label *X.509 Certificate*, click the *View Details* link. Copy the X.509 Certificate and paste it in the *X-509 certificate* field in the Exivity settings.

![](https://3540922554-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MCgX5IrWa1K6KDSFRER%2F-MCg_sKLGm9rkXXr_9vn%2Fimage.png?alt=media\&token=5ec47645-e211-4bc1-90e8-e31eff359f41)

As the last step, copy and paste this JSON object in the *Advanced settings* in the Exivity settings:

```javascript
{
  "security": {
    "wantXMLValidation": false
  }
}
```

Now you're ready to use OneLogin as a SAML Identity Provider. Enable Single Sign-On in Exivity by navigating to *Administration*, *Settings* and then clicking on the *System* tab. Make sure the *Single Sign-On* option is set to an option including *SAML2 Authentication*:

![](https://3540922554-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LHEKskLK6aXinV75Knl%2F-MCgaQGigi4nLz_8AqoQ%2F-MCgdLv0Wr02WJO2Xu5E%2Fimage.png?alt=media\&token=0094f4c1-6683-44f6-bbea-212e56b52fb4)

OneLogin is now configured and enabled, and you can use it to log in to your Exivity instance. The login screen will look something like this:

![](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2cVXgVSEJprLbl%2Fexivity-login-sso.png?generation=1531424668611642\&alt=media)

By clicking on the *Login* button, you'll be taken to the OneLogin login screen. Exivity will receive the user's e-mail address and create a new user in the configured user group (see [configuration](https://olddocs.exivity.io/3.4.3/advanced/integrate/sso/..#configuration)) if no existing user is found.
