OneLogin SSO setup

Set up the RudderStack SSO (Single Sign-On) feature with OneLogin.

This guide lists the steps to configure and enable OneLogin SSO for your organization.

Configuring the RudderStack SSO app

  1. Log into your OneLogin portal and click Administration in the top menu:
     [Image: Administration option in OneLogin]
  2. From the top menu, go to Applications > Applications:
     [Image: Applications option]
  3. Then, click Add App:
     [Image: Add App option]
  4. In the resulting Find Applications page, search for SAML Custom Connector (Advanced). From the search results, select the application:
     [Image: Select SAML Custom Connector option]
  5. Name your SAML app and click Save:
     [Image: Select SAML app name]
  6. In the Configuration tab, enter the settings as shown in the following image:
     [Image: SAML app configuration]

     The settings to be configured are listed in the following table:

     | Setting | Value |
     | --- | --- |
     | Audience (EntityID) | urn:amazon:cognito:sp:us-east-1_ABZiTjXia |
     | Recipient | https://auth2.rudderstack.com/saml2/idpresponse |
     | ACS (Consumer) URL Validator | ^https:\/\/auth2\.rudderstack\.com\/saml2\/idpresponse\/\$ |
     | ACS (Consumer) URL | https://auth2.rudderstack.com/saml2/idpresponse |
     | Login URL | https://app.rudderstack.com/sso?domain=[your-domain.com] |

     Warning: Make sure you enter the correct domain name in the Login URL setting. For example, if your employee email is john@example.com, then your Login URL will be https://app.rudderstack.com/sso?domain=example.com.
  7. From the dropdown, select the SAML initiator and SAML nameID format fields as shown:
     [Image: SAML settings]

     Tip: Configure the other SAML settings related to the assertion validity, encryption method, etc. as per your organizational requirements.
  8. Next, go to the Parameters tab and add the custom parameters as shown below:
     [Image: Custom parameters]

     The custom parameters and their values are listed in the following table:

     | Parameter | Value |
     | --- | --- |
     | Email | Email |
     | LastName | Name |
     | NameID value | Email |

     Note: For the LastName custom attribute, you can specify a single field Name - which specifies how you would like to see your employees on the RudderStack web app.
  9. To add any other custom parameter, click the + button, enter the Field name, and select the value from the dropdown:
     [Image: Custom parameter configuration]

     Warning: Make sure you enable (tick) the Include in SAML assertion flag for each custom parameter.
  10. Click Save to save the configuration.

Enabling SSO

Go to the SSO tab of your app and copy the Issuer URL:

[Image: Issuer URL]

Tip: The Issuer URL is the SAML metadata endpoint that contains the certificate and any other information required to enable SSO for your organization.

Share this Issuer URL with the RudderStack team.

Debugging

An SSO login can occasionally fail for some users. In such cases, the RudderStack team requires a HAR (HTTP Archive) file to inspect the requests and identify any SSO-related issues.

Note: A HAR file is a log of exported network requests from the user’s browser. See the HAR Analyzer guide for steps on generating this file depending on your browser.

Once you generate the HAR file, share it with the RudderStack team to troubleshoot the issue.

Warning: Note the following before capturing your HAR file:

  • Start from https://app.rudderstack.com/sso with a clean session, preferably in incognito mode of your browser.
  • Complete the SSO flow until the step where you face an error.
  • Your HAR file might contain sensitive data - make sure to redact it using a text editor before sharing it with the team.
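
The redaction in the last point can be scripted rather than done by hand in a text editor. The following Python script is an added example, not RudderStack tooling; the header and parameter names it masks are an assumed starting list, chosen because a HAR captured during this flow typically holds session cookies, the SAMLResponse form field posted to the ACS URL, and redirect URLs with codes in the query string.

```python
import copy, json, sys
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "REDACTED"
# Names treated as secret: an assumed starting list, extend it for your setup.
SECRET_HEADERS = {"authorization", "cookie", "set-cookie", "x-csrf-token"}
SECRET_PARAMS = {"samlresponse", "samlrequest", "relaystate", "code", "state",
                 "access_token", "id_token", "refresh_token", "password"}

def _scrub_url(url):
    """Mask sensitive query parameters but keep host, path and other params."""
    parts = urlsplit(url)
    query = [(k, REDACTED if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def _scrub_pairs(pairs, secret_names):
    """Mask HAR name/value pairs (headers, query string, form params)."""
    for pair in pairs or []:
        name = pair.get("name", "").lower()
        if name in secret_names:
            pair["value"] = REDACTED
        elif name in ("location", "referer"):  # redirect URLs can carry codes
            pair["value"] = _scrub_url(pair.get("value", ""))

def redact_har(har):
    """Return a redacted deep copy of a parsed HAR (JSON) document."""
    har = copy.deepcopy(har)
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        req["url"] = _scrub_url(req.get("url", ""))
        _scrub_pairs(req.get("queryString"), SECRET_PARAMS)
        for msg in (req, resp):
            _scrub_pairs(msg.get("headers"), SECRET_HEADERS)
            for cookie in msg.get("cookies") or []:
                cookie["value"] = REDACTED
        for body in filter(None, (req.get("postData"), resp.get("content"))):
            _scrub_pairs(body.get("params"), SECRET_PARAMS)
            if "text" in body:  # raw bodies can embed assertions or tokens
                body["text"] = REDACTED
    return har

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: redact_har.py INPUT.har OUTPUT.har")
    with open(sys.argv[1], encoding="utf-8-sig") as src:
        clean = redact_har(json.load(src))
    with open(sys.argv[2], "w", encoding="utf-8") as dst:
        json.dump(clean, dst, indent=2)
```

Search the output for any remaining organization-specific secrets before sharing it, since the name lists cannot anticipate every custom header or parameter.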
