The purpose of this article is to describe the steps involved, information needed, and order of operations to properly set up the OnBoard SSO application inside of your Identity Provider.
This will cover SAML setup methods.
SSO Quick Overview
The general overview for the OnBoard SSO settings can be viewed below:
Azure AD
- Log in to your Azure Portal from https://portal.azure.com/.
- Go to Azure Active Directory, then to Enterprise Applications.
- Click New Application.
- If you don't see an option to add a Non-gallery Application, click to switch to the legacy app gallery. Click to add a Non-Gallery Application.
- Name it OnBoard, and click Add.
- Click Single Sign-On and then select SAML.
- Click the Edit button at the top right of the Basic SAML Configuration section.
- For Entity ID enter OnBoard.
- For Reply URL (ACS URL) enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
- Save.
- Click Edit on the User Attributes & Claims section and set "Unique User Identifier" to "user.mail".
- Save.
- Go down to the SAML Signing Certificate and copy the App Federation Metadata URL to import into OnBoard.
- If you would like to add the OnBoard logo to your SSO app, right-click and save the below images to download one of our Rectangular icons and Square icons.
From the Admin side back in OnBoard:
- Log in to OnBoard and click on Settings in the left navigation
- Click on the Security tab at the top of the screen.
- Click the toggle on the Enable SSO option.
- This will expand the SSO options. Then click on "Set Domain."
- Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.
- On the next screen you'll be prompted for an Authentication Code:
- To get that, we'll just want to check the inbox of the email address we entered for the prior step, which should receive an Authentication Code in the email. Copy this code:
- And paste into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.
- This will return us to the Enable SSO options, and we can now click the "Configure Provider" button.
- Set the Authentication Framework to SAML, and your Provider to Azure AD, then click Next.
- Enter the Display Name. This usually would be something related to your organization.
- Paste the App Federation Metadata URL into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
- If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option.
Important Note: Enforcing SSO for the organization will require ALL users to access the organization through their pre-existing SSO credentials. If they do not have an SSO account they will be unable to log in to the organization.
- Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.
OneLogin
- Log in to your OneLogin account.
- Go to the Administration panel (three-lined icon at the top left corner) and click on Applications, then Applications from the menu.
- Click Add App at the top right of the page.
- Search for "SAML Test Connector" and click on "SAML Test Connector (Advanced)" to add it.
- Set Display Name as OnBoard.
- Right-click and save the below images to download one of our Rectangular icons and Square icons if you'd like the OnBoard logo to show up for the SSO app.
- Upload the images to the corresponding spots.
- Add a description if you'd like.
- Click Save.
- Go to Configuration in the left menu.
- Set Audience (EntityID) to
- For Recipient enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
- For ACS (Consumer) URL Validator field enter https:\/\/auth\.onboardmeetings\.com\/Home\/Saml2AssertionConsumerService
- For ACS (Consumer) URL field enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
- Click Save.
- Click on SSO in the left navigation.
- Copy the Issuer URL and SAML 2.0 Endpoint (HTTP) from the OneLogin setup to import into OnBoard.
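A quick way to check an ACS (Consumer) URL Validator value before saving it, as an added example that is not part of the original article or OnBoard's or OneLogin's own code. It assumes the field is evaluated as a regular expression; Python's re module stands in for the provider's engine, and the near-miss URLs and the review_validator helper are constructed for illustration.

```python
import re

ACS_URL = "https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService"
# Validator value for the field above, written with each "/" and "." escaped.
VALIDATOR = r"https:\/\/auth\.onboardmeetings\.com\/Home\/Saml2AssertionConsumerService"

# Constructed near-miss URLs that a correct validator must reject.
NEAR_MISSES = [
    "http://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService",   # wrong scheme
    "https://authXonboardmeetings.com/Home/Saml2AssertionConsumerService",  # "." read as wildcard
    ACS_URL + ".example.net",                                               # trailing text
    "https://example.net/?next=" + ACS_URL,                                 # leading text
]


def review_validator(pattern, engine_full_match):
    """Return (accepts_acs_url, near_misses_wrongly_accepted).

    engine_full_match=True models an engine that requires the whole URL to
    match; False models one that accepts a match anywhere in the URL.
    Which of the two the provider uses is an assumption to confirm.
    """
    rx = re.compile(pattern)
    test = rx.fullmatch if engine_full_match else rx.search
    accepts = test(ACS_URL) is not None
    wrongly_accepted = [url for url in NEAR_MISSES if test(url)]
    return accepts, wrongly_accepted


if __name__ == "__main__":
    candidates = [
        ("escaped, engine full-matches", VALIDATOR, True),
        ("escaped, engine searches", VALIDATOR, False),
        ("escaped and anchored, engine searches", "^" + VALIDATOR + "$", False),
        ("unescaped URL, engine full-matches", ACS_URL, True),
    ]
    for label, pattern, full in candidates:
        print(label, review_validator(pattern, full))
```

Explicit ^ and $ anchors make the result independent of how the engine applies the pattern.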
From the Admin side back in OnBoard:
- Log in to OnBoard and click on Settings in the left navigation
- Click on the Security tab at the top of the screen.
- Click the toggle on the Enable SSO option.
- This will expand the SSO options. Then click on "Set Domain."
- Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.
- On the next screen you'll be prompted for an Authentication Code:
- To get that, we'll just want to check the inbox of the email address we entered for the prior step, which should receive an Authentication Code in the email. Copy this code:
- And paste into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.
- This will return us to the Enable SSO options, and we can now click the "Configure Provider" button.
- Set the Authentication Framework to SAML, and your Provider to OneLogin, then click Next.
- Enter the Display Name. This usually would be something related to your organization.
- Paste the App Federation Metadata URL into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
- If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option.
Important Note: Enforcing SSO for the organization will require ALL users to access the organization through their pre-existing SSO credentials. If they do not have an SSO account they will be unable to log in to the organization.
- Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.
Okta
- Log in to your Okta account.
- Click on the Admin button at the top right.
- Click on the Okta menu button at the top left corner.
- Expand Applications in the menu, then click Add Applications.
- Click on Create App Integration.
- Set the Sign-in method to SAML 2.0, then click Next.
- For App Name, enter OnBoard.
- For the App Logo, right-click and save the below image to download one of our Rectangular icons if you'd like the OnBoard logo to show up for the SSO app.
- Click Upload New icon and upload the App Logo.
- Click Next.
- For Single sign on URL enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService
- Set Audience URI (SP Entity ID) to OnBoard.
- Click Show Advanced Settings to expand.
- Set Response to Signed.
- Assertion Signature should be set to Signed.
- Set Assertion Encryption to Unencrypted.
- Scroll all the way down and click on Next.
- Select "I'm an Okta customer adding an internal app."
- Check "This is an internal app that we have created."
- Click Finish.
- Click on the Sign On tab and click the "View Setup Instructions" button.
- Copy the Identity Provider Single Sign-On URL issued from the "View Setup Instructions" to import into OnBoard.
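To confirm that a test login produces what the identity provider steps above configure (signed Response and Assertion, no encryption, Audience OnBoard, Recipient set to the ACS URL), the check below inspects a decoded SAML response. It is an added example, not OnBoard's or Okta's code; the sample response is constructed, and the e-mail NameID check mirrors the Azure AD step that maps Unique User Identifier to user.mail, so applying it to other providers is an assumption.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService"
ENTITY_ID = "OnBoard"  # Entity ID / Audience URI value from the setup steps

def check_response(xml_text):
    """List where a decoded SAML response departs from the settings on this page.
    Structure check only: it does not verify the XML signatures."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    if root.find("a:EncryptedAssertion", NS) is not None:
        return problems + ["Assertion is encrypted"]
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    if ENTITY_ID not in [e.text for e in assertion.iterfind(".//a:Audience", NS)]:
        problems.append("Audience is not " + ENTITY_ID)
    data = assertion.find(".//a:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != ACS_URL:
        problems.append("Recipient is not the OnBoard ACS URL")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID is not an e-mail address")
    return problems

def sample_response(sign_response=True, sign_assertion=True, audience=ENTITY_ID):
    """Constructed response for the demo; the Signature elements are empty stand-ins."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    return (
        '<p:Response xmlns:p="%s" xmlns:a="%s">' % (NS["p"], NS["a"])
        + (sig if sign_response else "")
        + "<a:Assertion>" + (sig if sign_assertion else "")
        + "<a:Subject><a:NameID>member@example.com</a:NameID><a:SubjectConfirmation>"
        + '<a:SubjectConfirmationData Recipient="%s"/>' % ACS_URL
        + "</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>"
        + "<a:Audience>%s</a:Audience>" % audience
        + "</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>")

if __name__ == "__main__":
    print(check_response(sample_response()))
    print(check_response(sample_response(sign_assertion=False, audience="onboard")))
```

The SAMLResponse form field posted to the ACS URL is base64-encoded; decode it before passing the XML to check_response.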
From the Admin side back in OnBoard:
- Log in to OnBoard and click on Settings in the left navigation
- Click on the Security tab at the top of the screen.
- Click the toggle on the Enable SSO option.
- Set the Authentication Framework to SAML, and your Provider to Okta.
- Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.
- On the next screen you'll be prompted for an Authentication Code:
- To get that, we'll just want to check the inbox of the email address we entered for the prior step, which should receive an Authentication Code in the email. Copy this code:
- And paste into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.
- This will return us to the Enable SSO options, and we can now click the "Configure Provider" button.
- Set the Authentication Framework to SAML, and your Provider to Okta, then click Next.
- Enter the Display Name. This usually would be something related to your organization.
- Paste the Identity Provider Single Sign-On URL from step 22 above into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.
- If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option.
Important Note: Enforcing SSO for the organization will require ALL users to access the organization through their pre-existing SSO credentials. If they do not have an SSO account they will be unable to log in to the organization.
- Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.
Setting Up IdP Initiated SSO (optional)
If your organization would like to also set up IdP initiated SSO, you will be able to do so through the following.
If you log in to OnBoard and open your Organization, we'll just need you to copy the Organization ID in your browser's address bar near the top of the screen.
From there, you can add "OrganizationId=<your organization's OnBoard ID>" (case sensitive) into the Default Relay State field in your IdP. This should facilitate the ability to log in to OnBoard from your identity provider. See an example below: