OneLogin Authentication

Organizations utilizing OneLogin can configure ScaleFT to authenticate against OneLogin using SAML.

Creating a Team

SAML can only be configured in ScaleFT during signup, so to get started using OneLogin authentication create a new team and choose SAML authentication when prompted.

OneLogin Configuration

Once you reach the SAML configuration step in the ScaleFT signup process you’ll need to add ScaleFT to OneLogin.

To add ScaleFT to OneLogin browse to Adminstration > Apps > Add Apps, choose “SAML Test Connector (IdP) w/ NameID (Persistent)” and give the app a display name and icon (optional).

“Configuration” Tab

Once you’ve created the application browse to the “Configuration” tab of the application’s settings in OneLogin and enter the following values:

  • RelayState - leave this empty
  • Audience - use the “Service Provider Entity ID” from the ScaleFT SAML configuration form
  • Recipient - use the “Assertion Consumer Service URL” from the ScaleFT SAML configuration form
  • ACS (Consumer) URL Validator - use ^https:\/\/app\.scaleft\.com\/v1\/_saml_callback$
  • ACS (Consumer) URL - use the “Assertion Consumer Service URL” from the ScaleFT SAML configuration form
  • Single Logout URL - leave this empty

IMPORTANT: Be sure to click “Save” in the top right corner before proceeding.

“Parameters” Tab

On the “Parameters” tab of the application settings you’ll need to configure SAML attributes for ScaleFT to consume.

For each attributes described below you’ll need to:

  1. Click “Add parameter”
  2. Enter the attribute name
  3. Check “Include in SAML assertion”
  4. Click Save
  5. Click on the newly created parameter
  6. Assign a default value as described below
  7. Click save again

The attributes and recommended default values you’ll need to add are:

  • Login - default value “Username”
  • Email - default value “Email”
  • FirstName - default value “First Name”
  • LastName - default value “Last Name”

Note: a non-empty value must be supplied for each of these attributes for every user. If users in your OneLogin configuration don’t, by default, have a Username it may be preferable to use another value such as “Email” or “Email name part” as the default value for Login.

“Users” Tab

On the “Users” tab ensure that you are already assigned to the application. Click on your name and ensure that a value is present for each attribute. If not, go back to the parameters tab and adjust the default values to use fields which your organization populates in OneLogin.

ScaleFT Configuration

Once you’ve configured ScaleFT in OneLogin, you’ll need to enter several values from the SSO tab in OneLogin in the ScaleFT SAML configuration form.

Identity Provider SSO URL

Use the “SAML 2.0 Endpoint (HTTP)” value from the SSO tab in OneLogin.

Identity Provider Entity ID

Use the “Issuer URL” from the SSO tab in OneLogin.

Identity Provider x.509 Certificate

OneLogin should already have generated a “Standard Strength Certificate”. Click “View Details” under “X.509 Certificate” on the SSO tab and copy the certificate text into ScaleFT.

Attribute Mapping

In this section you will need to input the names of the parameters you configured in OneLogin:

  • Login
  • Email
  • FirstName
  • LastName

Note: you will need to enter the names of each of these attributes into ScaleFT even if identical helper text already appears in the fields.

Completing Signup

It is a good idea to look over each of the Configuration, Parameter and User tabs in OneLogin before clicking “Authenticate with SAML”. You should see:

  1. Non-blank values on the Configuration tab
  2. Email, Login, FirstName and LastName parameters listed on the Parameter tab, each with a default value
  3. At least yourself listed on the User tab. Click on your own name to ensure that each parameter is present and non-empty.

Once you’re happy with your configuration click “Authenticate with SAML” in ScaleFT.