# OneLogin In order to use OneLogin as an Identity Provider, we need to set up a new application. To do so, navigate to the OneLogin administration, hover over *Applications* in the navigation bar, and click on *Applications*: ![](/files/-MCgMtpSqO_ehjWOOacW) Click on the *Add App* button: ![](/files/-MCgPJfSdIKboBDGELVB) In the list of applications, search for "saml" and click on the item *SAML Test Connector (IdP w/ attr w/ sign response)*: ![](/files/-MCgQWe8vkBlaWFulANW) Choose a descriptive name for your application and click the *Save* button: ![](/files/-MCgQmC7wfZdlgwiywNv) Click the *Configuration* tab: ![](/files/-MCgR-Zf5YpLickw8CWA) Refer to the [endpoints section in the Single Sign On article](/3.5.4/advanced/integrate/sso.md#endpoints) how to obtain the endpoints values. Fill in these fields: | Field | Value | | ---------------------------- | ------------------------------------- | | Audience | *Entity ID / Metadata URL* endpoint | | Recipient | *Assertion Consumer Service* endpoint | | ACS (Consumer) URL Validator | `.*` (or specify a custom RegEx) | | ACS (Consumer) URL | *Assertion Consumer Service* endpoint | | Single Logout URL | *Single Logout Service* endpoint | {% hint style="warning" %} You need to add the OneLogin domain for your organisation to the [CORS whitelist](/3.5.4/advanced/security.md#cross-origin-resource-sharing-cors) as well. {% endhint %} Now, we have to copy and paste some values *from* our OneLogin application into the Exivity instance Single Sign-on settings. In OneLogin, click on the SSO tab: ![](/files/-MCgX6X7nXbzOB3QWwqd) In a separate browser tab, open the Exivity SAML setting (See [SAML configuration](/3.5.4/advanced/integrate/sso.md#saml-configuration)) and copy over the following settings: | Exivity configuration value | OneLogin field | | --------------------------- | ------------------------ | | Entity ID | Issuer URL | | SSO URL | SAML 2.0 Endpoint (HTTP) | | SLO URL | SLO Endpoint (HTTP) | Now, let's set up the OneLogin certificate in Exivity. Under the label *X.509 Certificate*, click the *View Details* link. Copy the X.509 Certificate and paste it in the *X-509 certificate* field in the Exivity settings. ![](/files/-MCg_sKLGm9rkXXr_9vn) As the last step, copy and paste this JSON object in the *Advanced settings* in the Exivity settings: ```javascript { "security": { "wantXMLValidation": false } } ``` Now you're ready to use OneLogin as a SAML Identity Provider. Enable Single Sign-On in Exivity by navigating to *Administration,* *Settings* and then click on the *System* tab. Make sure the *Single Sign-On* option is set to an option including *SAML2 Authentication*: ![](/files/-MCgdLv0Wr02WJO2Xu5E) OneLogin is now configured and enabled, and you can now use it to log in to your Exivity instance. The login screen will look something like this: ![](https://blobscdn.gitbook.com/v0/b/gitbook-28427.appspot.com/o/assets%2F-LHEKskLK6aXinV75Knl%2F-LHF0G1lYWN8xZtENgii%2F-LHF0U2cVXgVSEJprLbl%2Fexivity-login-sso.png?generation=1531424668611642\&alt=media) And by clicking on the *Login* button, you'll be taken to the OneLogin login screen. Exivity will receive the users e-mail address and create a new user in the configured user group (see [configuration](/3.5.4/advanced/integrate/sso.md#configuration)) if no existing user is found. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://olddocs.exivity.io/3.5.4/advanced/integrate/sso/onelogin.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.