Configure SAML SSO with OneLogin

  • Updated

This guide provides step-by-step instructions to configure SAML Single Sign-On (SSO) with OneLogin using the SAML Test Connector (Advanced). This configuration lets you create a secure and streamlined authentication for your users.

Configure the SSO connection

  1. In the Opti ID Admin Center, go to Settings to configure a new SAML SSO connection.
    • Assertion Consumer Service URL (ACS URL)
    • Audience URI

  2. In your OneLogin admin dashboard, go to Applications and click Add App.

  3. In the Search field, enter saml test and select SAML Test Connector (Advanced) from the results list.

  4. Enter the desired app name and click Save.

  5. Go to the SSO tab.

    1. Copy the Issuer URL.

    2. Copy the SAML 2.0 Endpoint (HTTP).

    3. Click View Details in the X.509 Certificate section.

    4. Click Download and save the PEM file.

  6. Go to the Opti ID Admin Center > Settings and configure a new SAML SSO connection.
    1. For the Issuer URL, paste the Issuer URL you copied in step five.
    2. For the SSO URL, paste the SAML 2.0 Endpoint URL you copied in step five.
    3. For the Signature Certificate, select the certificate file you downloaded in step five.
  7. When you submit the form to create an SSO connection, the page displays the Audience URL and the Assertion Consumer Service URL. Copy both values to be used later to complete the configuration of the OneLogin application.
    1. Go to the Configuration tab and paste the Audience URL into the field Audience (Entity ID).
    2. Paste the Assertion Consumer Service URL into the fields Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL.
      OneLogin-SAML-11.png
  8. Go to the SSO tab, change the SAML Signature Algorithm dropdown to SHA-256 and click Save.

For information about SAML tracing, see OneLogin's documentation on External SAML Tools.

In accordance with your company policy, configure your Opti ID SSO application to enforce authentication on each login for added security or maintain user sessions for a specified duration to balance security and user convenience.

Test the SSO connection

One of the users you assigned in the SAML application should test the setup. They need to be a user in the Opti ID Admin Center but logged out.

  1. Open an incognito window and go to https://login.optimizely.com.
  2. When you enter your email and click Next, it should redirect you to your organization's IdP.
  3. Double-check your settings if there are any issues with signing in with your incognito window.

If it does not work correctly, see the Opti ID troubleshooting articles. If you cannot resolve the issue, contact Optimizely Support.