LogoLogo
3.6.9
3.6.9
  • Introduction
  • Getting started
    • Installation
      • Prerequisites
        • Server requirements
      • On-premises
        • Single-node
          • Directory structure
        • Multi-node
      • Azure Market Place
      • AWS Market Place
    • Tutorials
      • Amazon AWS CUR
      • Amazon AWS CUR (Athena)
      • Azure Stack
      • Azure EA
      • Azure CSP
      • Google Cloud
      • VMware vCloud
      • VMware vCenter
    • How-to guides
      • How to configure receiving a monthly billing report
      • How to automatically trigger a monthly billing report
      • How to update your license
      • How to store contract information with an Account in a report
      • How to automatically send workflow errors as webhooks to a monitoring system
    • Concepts
      • User interface
      • Services
    • Releases
      • Upgrading to version 3
      • Known issues
      • Announcements
      • Archive
  • Reports
    • Accounts
    • Services
    • Instances
    • Summary
    • Budget
  • Services
    • Manage
    • Rates
      • Tiered Services
        • Aggregation Levels and the Account Hierarchy
    • Adjustments
    • Subscriptions
  • ACCOUNTS
    • Budget management
  • Data pipelines
    • Extract
      • Configuration
      • Extractor templates
      • Script basics
      • Parslets
      • Subroutines
        • check_dateformat
        • check_dateargument
        • format_date
        • validate_response
      • Language
        • aws_sign_string
        • basename
        • buffer
        • csv
        • clear
        • decimal_to_ipv4
        • discard
        • encode
        • encrypt
        • environment
        • escape
        • exit_loop
        • foreach
        • generate_jwt
        • get_last_day_of
        • gosub
        • gunzip
        • hash
        • http
        • if
        • ipv4_to_decimal
        • json
        • loglevel
        • loop
        • lowercase
        • match
        • pause
        • print
        • return
        • save
        • set
        • subroutine
        • terminate
        • unzip
        • uppercase
        • uri
        • var
    • Transform
      • Configuration
      • Transformer templates
      • Transform Preview
      • Language
        • aggregate
        • append
        • calculate
        • capitalise
        • convert
        • copy
        • correlate
        • create
        • default
        • delete
        • dequote
        • environment
        • event_to_usage
        • export
        • finish
        • Functions
        • if
        • import
        • include
        • lowercase
        • normalise
        • option
        • rename
        • replace
        • round
        • services
        • set
        • sort
        • split
        • terminate
        • timecolumns
        • timerender
        • timestamp
        • update_service
        • uppercase
        • var
        • where
    • Datasets
    • Lookups
    • Metadata
    • Reports
    • Workflows
  • Administration
    • User management
      • Users
      • Groups
    • Notifications
      • Budget Notifications
      • Report notifications
      • Workflow notifications
    • Settings
      • Global Variables
      • White Labeling
  • Advanced
    • Integrate
      • GUI automation
        • Examples
      • API docs
      • Single sign-on
        • Claims-based identity provisioning: users, Account access and user groups
        • Azure-AD
        • Auth0
        • OKTA
        • OneLogin
        • ADFS
        • LDAP
    • Digging deeper
      • Authentication flows
      • Transformer datadate
      • Dataset lifecycle
      • Config.json
      • Databases
  • Security
    • Security
    • Authentication
      • Token
      • LDAP
      • SAML2
    • Password reset
    • Password policy
    • Announcements
  • Troubleshooting
    • Logs
  • Terms & Conditions
  • Privacy Policy
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Advanced
  2. Integrate
  3. Single sign-on

OneLogin

PreviousOKTANextADFS

Last updated 3 years ago

Was this helpful?

In order to use OneLogin as an Identity Provider, we need to set up a new application. To do so, navigate to the OneLogin administration, hover over Applications in the navigation bar, and click on Applications:

Click on the Add App button:

In the list of applications, search for "saml" and click on the item SAML Test Connector (IdP w/ attr w/ sign response):

Choose a descriptive name for your application and click the Save button:

Click the Configuration tab:

Field

Value

Audience

Entity ID / Metadata URL endpoint

Recipient

Assertion Consumer Service endpoint

ACS (Consumer) URL Validator

.* (or specify a custom RegEx)

ACS (Consumer) URL

Assertion Consumer Service endpoint

Single Logout URL

Single Logout Service endpoint

You need to add the OneLogin domain for your organisation to the CORS whitelist as well.

Now, we have to copy and paste some values from our OneLogin application into the Exivity instance Single Sign-on settings. In OneLogin, click on the SSO tab:

Exivity configuration value

OneLogin field

Entity ID

Issuer URL

SSO URL

SAML 2.0 Endpoint (HTTP)

SLO URL

SLO Endpoint (HTTP)

Now, let's set up the OneLogin certificate in Exivity. Under the label X.509 Certificate, click the View Details link. Copy the X.509 Certificate and paste it in the X-509 certificate field in the Exivity settings.

As the last step, copy and paste this JSON object in the Advanced settings in the Exivity settings:

{
  "security": {
    "wantXMLValidation": false
  }
}

Now you're ready to use OneLogin as a SAML Identity Provider. Enable Single Sign-On in Exivity by navigating to Administration, Settings and then click on the System tab. Make sure the Single Sign-On option is set to an option including SAML2 Authentication:

OneLogin is now configured and enabled, and you can now use it to log in to your Exivity instance. The login screen will look something like this:

Refer to the how to obtain the endpoints values. Fill in these fields:

In a separate browser tab, open the Exivity SAML setting (See ) and copy over the following settings:

And by clicking on the Login button, you'll be taken to the OneLogin login screen. Exivity will receive the users e-mail address and create a new user in the configured user group (see ) if no existing user is found.

endpoints section in the Single Sign On article
SAML configuration
configuration