OneLogin is an Identity and Access Management (IAM) platform that allows users to access multiple applications with a single set of credentials.
To set up Insightful Security Assertion Markup Language (SAML) Single Sign-On (SSO) using OneLogin, follow the steps below.
Step-by-step Instructions
1. Create a developer account at https://www.onelogin.com/
2. After the account creation process is completed, click on Application → Add app.
3. In the search bar, enter SAML Test Connector and select SAML Test Connector (Advanced).
4. In the Display name field, enter the application name and click on the Save button.
5. From the left side menu select the Configuration tab and fill in the following data:
RelayState: leave it blank until you get it from Insightful later (step 15).
Audience (EntityID): https://app.insightful.io/
ACS (Consumer) URL Validator*: https:\/\/app.insightful.io\/api\/v1\/sso-public\/saml\/assertion
ACS (Consumer) URL*: https://app.insightful.io/api/v1/sso-public/saml/assertion
Login URL: https://app.insightful.io/#/sign-in
SAML initiator: Service provider
SAML issuer type: Specific
SAML signature element: Assertion
Encrypt assertion: Check
SAML encryption method: AES-256-CBC
6. Click on the Save button.
7. Assign the created application to users. On the main menu, navigate to the Users tab, select the user and navigate to the Applications tab. Click on the Plus button, select your app and click on the Continue button.
8. Click on the Save button and leave the NameID value at its default.
9. Notes:
After clicking Save, it is necessary to invite the user. Click on the More actions button and select the Send invitation option from the dropdown. The user will receive an e-mail with a link that redirects them to the provider. The user sets their password (the username will be their email), and the provider then redirects them to Insightful, where they will be able to log in with SAML SSO.
The user will not be able to log in with SAML SSO until the configuration is complete.
Adding a user does not have to be done in this step. The user can also be added after configuring SAML SSO.
10. On the main menu, select Applications, then select your application and navigate to the Parameters tab. Click on the Plus sign and create the following parameters:
NOTE: Always check “Include in SAML assertion”.
firstName (use camelCase): in the next step, select First Name as the value in the dropdown
lastName (use camelCase): in the next step, select Last Name as the value in the dropdown
email: in the next step, select Email as the value in the dropdown
Id: in the next step, select Internal ID as the value in the dropdown
11. Click on the Save button.
12. Go to the Insightful app, navigate to the Settings page → Security and Identity, and then click on the Configure SAML button.
13. Fill in the following fields:
Name: whatever suits you
Issuer ID: Go to OneLogin, navigate to Application → SSO tab and copy the Issuer URL. Paste it into the Issuer ID field in Insightful.
Login URL: Go to OneLogin, navigate to Application → SSO tab and copy the SAML 2.0 Endpoint (HTTP). Paste it into the Login URL field in Insightful.
Identity Provider Certificate: Go to OneLogin and navigate to Application → SSO tab. In the X.509 Certificate section, click on the View Details button and download the Standard Strength Certificate (2048-bit). Upload the downloaded certificate into the Identity Provider Certificate field.
14. Then click on the Next button in the Insightful app.
15. Copy the Default Relay State code and paste it into the RelayState field on the Configuration tab in OneLogin.
16. Check Enable Encryption, then use Copy Certificate and paste the certificate into SAML Encryption (Public key) in OneLogin. Save the changes.
17. Go back to the Insightful app and click on the Next step button.
18. Click on the Verify SAML button and the user will be redirected to the OneLogin page to log in.
19. After a successful login, link your existing account with the OneLogin SAML SSO account. You will then be logged in using SAML SSO and the process will be complete!
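The ACS (Consumer) URL Validator in step 5 is a regular expression, so it is worth checking what it accepts besides the ACS URL itself. The script below is an added example, not part of the original instructions or of OneLogin's or Insightful's code; the stricter pattern, the constructed test URLs and the three matching modes are assumptions, since the page does not say how the pattern is applied.

```python
import re

# Values copied from step 5 of this page.
ACS_URL = "https://app.insightful.io/api/v1/sso-public/saml/assertion"
PAGE_VALIDATOR = r"https:\/\/app.insightful.io\/api\/v1\/sso-public\/saml\/assertion"

# Assumption (not from the page): same pattern with dots escaped and ^...$ anchors.
STRICT_VALIDATOR = r"^https:\/\/app\.insightful\.io\/api\/v1\/sso-public\/saml\/assertion$"

# Constructed test URLs: (url, should_the_validator_accept_it)
CASES = [
    (ACS_URL, True),
    # An unescaped "." in a regex matches any character, not only a dot.
    ("https://appXinsightful.io/api/v1/sso-public/saml/assertion", False),
    # Without "$" extra text after the expected URL is tolerated.
    (ACS_URL + ".example.net/x", False),
    # Without "^" the expected URL may appear anywhere inside another URL.
    ("https://example.net/?next=" + ACS_URL, False),
]

# Assumption: the matching semantics are unknown, so all three are tested.
MATCHERS = {"search": re.search, "match": re.match, "fullmatch": re.fullmatch}


def audit(pattern, mode):
    """Return the test URLs that the pattern classifies wrongly in this mode."""
    matcher = MATCHERS[mode]
    return [url for url, expected in CASES
            if bool(matcher(pattern, url)) != expected]


def report(pattern):
    """Map each matching mode to the list of misclassified test URLs."""
    return {mode: audit(pattern, mode) for mode in MATCHERS}


if __name__ == "__main__":
    for name, pattern in (("page", PAGE_VALIDATOR), ("strict", STRICT_VALIDATOR)):
        for mode, wrong in report(pattern).items():
            print(f"{name:6} {mode:9} misclassified={len(wrong)}")
            for url in wrong:
                print("    ", url)
```

An empty list in every mode means the pattern accepts only the configured ACS URL among the test cases.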
How to log in to Insightful outside of OneLogin
Open your application in OneLogin
Click on the SSO tab
Copy SAML 2.0 Endpoint (HTTP)