SSO - IT - Single Sign-On Application Setup for SAML Identity Providers

Eric Biddle

The purpose of this article is to describe the steps involved, information needed, and order of operations to properly set up the OnBoard SSO application inside of your Identity Provider.  

This will cover SAML setup methods.

Note: SAML is recommended and is also a slightly less involved setup process. If you need to use OIDC, please use this article: IT - Single Sign-On Application Setup for OIDC Identity Providers

 

SSO Quick Overview

The general overview for the OnBoard SSO settings can be viewed below:

[Screenshot: OnBoard SSO settings overview]

Azure AD 

  1.  Log in to your Azure Portal from https://portal.azure.com/.

  2.  Go to Azure Active Directory, then to Enterprise Applications.

  3. Click New Application.

  4. If you don't see an option to add a Non-gallery Application, click to switch to the legacy app gallery. Click to add a Non-Gallery Application.

  5. Name it OnBoard, and click Add.

  6. Click Single Sign-On and then select SAML.

  7. Click the Edit button at the top right of the Basic SAML Configuration section.

  8. For Entity ID enter OnBoard.

  9. For Reply URL (ACS URL) enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService 

  10. Save.

  11. Click Edit on the User Attributes & Claims section.

  12. For Unique User Identifier set this to Email.

  13. Save.

  14. Go down to the SAML Signing Certificate and Copy the App Federation Metadata URL to import into OnBoard.

  15. If you would like to add the OnBoard logo to your SSO app, right-click and save the below images to download one of our Rectangular icons and Square icons.
    onboard-rect-logo.png    onboard-sq-logo.png

 

From the Admin side back in OnBoard:

  1. Log in to OnBoard and click on Settings in the left navigation

  2. Click on the Security tab at the top of the screen. 

  3. Click the toggle on the Enable SSO option.

  4. This will expand the SSO options. Then click "Set Domain."


  5. Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.

  6. On the next screen you'll be prompted for an Authentication Code:

  7. To get the code, check the inbox of the email address entered in the prior step; it should receive an email containing an Authentication Code. Copy this code.


  8. Paste it into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.


  9. This returns you to the Enable SSO options, where you can now click the "Configure Provider" button.

  10. Set the Authentication Framework to SAML, and your Provider to Azure AD, then click Next.


  11. Enter the Display Name. This usually would be something related to your organization. 

  12. Paste the App Federation Metadata URL into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.


  13. If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option. 
    Important Note: Enforcing SSO for the organization will require ALL users to access the organization through their pre-existing SSO credentials. If they do not have an SSO account they will be unable to log in to the organization.

  14. Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.

OneLogin

  1. Log in to your OneLogin account.

  2. Go to the Administration panel (3 lined icon at the top left corner) and click on Applications, then Applications from the menu.

  3. Click Add App at the top right of the page.

  4. Search for "SAML Test Connector" and click on "SAML Test Connector (Advanced)" to add it.

  5. Set Display Name as OnBoard.

  6. Right-click and save the below images to download one of our Rectangular icons and Square icons if you'd like the OnBoard logo to show up for the SSO app.
    onboard-rect-logo.png    onboard-sq-logo.png


  7. Upload the images to the corresponding spots.

  8. Add a description if you'd like.

  9. Click Save.

  10. Go to Configuration in the left menu.

  11. Set Audience (EntityID) to 
    2024-04-05_15-45-43.png
  12. For Recipient enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService

  13. For ACS (Consumer) URL Validator field enter https:\/\/auth\.onboardmeetings\.com\/Home\/Saml2AssertionConsumerService

  14. For ACS (Consumer) URL field enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService 

  15. Click Save.

  16. Click on SSO in the left navigation.
    mceclip47.png

  17. Copy the Issuer URL and SAML 2.0 Endpoint (HTTP) from the OneLogin setup to import into OnBoard.
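
The ACS (Consumer) URL Validator is a regular expression, so it should match the ACS URL above and nothing else. The following Python check is an added example, not OneLogin or OnBoard code: it builds an anchored, fully escaped pattern and tests any candidate pattern against constructed near-miss URLs. The function names and the search-style matching are assumptions of the example.

```python
import re

ACS_URL = "https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService"

# Constructed near-miss URLs used as negative test cases.
LOOKALIKES = [
    "https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService.example.net/acs",
    "https://authXonboardmeetings.com/Home/Saml2AssertionConsumerService",
    "http://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService",
]

def build_validator(url):
    """Return an anchored regex that matches exactly this one URL."""
    # Escape every character except letters, digits and ':' so that '.'
    # and '/' are treated literally, then anchor both ends.
    body = "".join(c if c.isalnum() or c == ":" else "\\" + c for c in url)
    return "^" + body + "$"

def check_validator(pattern, acs_url=ACS_URL, lookalikes=LOOKALIKES):
    """Return a list of problems; an empty list means the pattern is tight."""
    rx = re.compile(pattern)
    problems = []
    # Assumption: the validator is applied as an unanchored search, which is
    # the worst case for a pattern that carries no anchors of its own.
    if not rx.search(acs_url):
        problems.append("does not match the configured ACS URL")
    for url in lookalikes:
        if rx.search(url):
            problems.append("also matches " + url)
    return problems

if __name__ == "__main__":
    for candidate in (ACS_URL, build_validator(ACS_URL)):
        print(candidate)
        for problem in check_validator(candidate) or ["ok"]:
            print("   ", problem)
```

Using the raw URL as the pattern leaves the dots as wildcards and the ends open, which is why it accepts two of the near-miss URLs while the anchored, escaped form accepts none.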

From the Admin side back in OnBoard:

  1. Log in to OnBoard and click on Settings in the left navigation

  2. Click on the Security tab at the top of the screen. 

  3. Click the toggle on the Enable SSO option.

  4. This will expand the SSO options. Then click "Set Domain."


  5. Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.

  6. On the next screen you'll be prompted for an Authentication Code:

  7. To get the code, check the inbox of the email address entered in the prior step; it should receive an email containing an Authentication Code. Copy this code.


  8. Paste it into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.


  9. This returns you to the Enable SSO options, where you can now click the "Configure Provider" button.

  10. Set the Authentication Framework to SAML, and your Provider to OneLogin, then click Next.


  11. Enter the Display Name. This usually would be something related to your organization. 

  12. Paste the App Federation Metadata URL into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.


  13. If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option. 
    Important Note: Enforcing SSO for the organization will require ALL users to access the organization through their pre-existing SSO credentials. If they do not have an SSO account they will be unable to log in to the organization.

  14. Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.


Okta

  1. Log in to your Okta account.

  2. Click on the Admin button at the top right.

  3. Click on the Okta menu button at the top left corner.

  4. Expand Applications in the menu, then click Add Applications.

  5. Click on Create App Integration.

  6. Set the Sign-in method to SAML 2.0, then click Next.

  7. For App Name, enter OnBoard.

  8. For the App Logo, right-click and save the below image to download one of our Rectangular icons if you'd like the OnBoard logo to show up for the SSO app.
    onboard-rect-logo.png


  9. Click Upload New icon and upload the App Logo.

  10. Click Next.
  11. For Single sign on URL enter https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService

  12. Set Audience URI (SP Entity ID) to OnBoard.

  13. Click Show Advanced Settings to expand.

  14. Set Response to Signed.

  15. Assertion Signature should be set to Signed.

  16. Set Assertion Encryption to Unencrypted.

  17. Scroll all the way down and click on Next.

  18. Select "I'm an Okta customer adding an internal app."

  19. Check "This is an internal app that we have created."

  20. Click Finish.

  21. Click on the Sign On tab and click the "View Setup Instructions" button.

  22. Copy the Identity Provider Single Sign-On URL issued from the "View Setup Instructions" to import into OnBoard.
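
The IdP-side settings in this article (Audience/Entity ID of OnBoard, the ACS URL, email as the user identifier, and for Okta a signed Response, a signed Assertion and an unencrypted assertion) can be checked against a SAML response captured during a test login. The following Python check is an added example, not OnBoard or Okta code. The sample response is constructed, and the check inspects structure only; it does not verify signatures.

```python
import re
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted XML

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://auth.onboardmeetings.com/Home/Saml2AssertionConsumerService"
ENTITY_ID = "OnBoard"

# Constructed sample: signature bodies are empty, values are illustrative.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}">
  <ds:Signature/>
  <a:Assertion>
    <ds:Signature/>
    <a:Subject><a:NameID>jane.doe@example.com</a:NameID>
      <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS_URL}"/></a:SubjectConfirmation>
    </a:Subject>
    <a:Conditions><a:AudienceRestriction><a:Audience>{ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>
  </a:Assertion>
</p:Response>"""

def lint_response(xml_text):
    """Return a list of findings; an empty list means the shape matches."""
    root = ET.fromstring(xml_text)
    findings = []
    if root.find("ds:Signature", NS) is None:
        findings.append("Response is not signed")
    if root.find("a:EncryptedAssertion", NS) is not None:
        findings.append("Assertion is encrypted; expected Unencrypted")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        findings.append("no plaintext Assertion found")
        return findings
    if assertion.find("ds:Signature", NS) is None:
        findings.append("Assertion is not signed")
    audiences = [e.text for e in assertion.iterfind(".//a:Audience", NS)]
    if audiences != [ENTITY_ID]:  # exact, case-sensitive comparison
        findings.append(f"Audience is {audiences}, expected ['{ENTITY_ID}']")
    data = assertion.find(".//a:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != ACS_URL:
        findings.append("Recipient does not equal the ACS URL")
    name_id = assertion.findtext(".//a:NameID", default="", namespaces=NS)
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", name_id.strip()):
        findings.append("NameID is not an email address")
    return findings
```

The Response-signature finding reflects the Okta settings in steps 14 to 16; the Azure AD and OneLogin sections of this article do not state a signing option.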

 

From the Admin side back in OnBoard:

  1. Log in to OnBoard and click on Settings in the left navigation

  2. Click on the Security tab at the top of the screen. 

  3. Click the toggle on the Enable SSO option.

  4. Set the Authentication Framework to SAML, and your Provider to Okta.

  5. Here you can enter the Sign-On Domain used for your SSO, and your Email Address, then click Next.

  6. On the next screen you'll be prompted for an Authentication Code:

  7. To get the code, check the inbox of the email address entered in the prior step; it should receive an email containing an Authentication Code. Copy this code.


  8. Paste it into the Code box, or manually enter the code if copying and pasting won't work. Then click Next.


  9. This returns you to the Enable SSO options, where you can now click the "Configure Provider" button.

  10. Set the Authentication Framework to SAML, and your Provider to Okta, then click Next.

  11. Enter the Display Name. This usually would be something related to your organization. 

  12. Paste the Identity Provider Single Sign-On URL from step 22 above into the IDP Metadata URL field. This will disable the IDP Metadata field since it is not necessary in this case. Then click the "Set Configuration" button.


  13. If you would like to Enforce the SSO login for the organization, check the Enforce SSO for this organization option. 
    Important Note: Enforcing SSO for the organization will require ALL users to access the organization through their pre-existing SSO credentials. If they do not have an SSO account they will be unable to log in to the organization.

  14. Share this article with your members to assist them with logging in with SSO: Logging in with Single Sign-On.

 

Setting Up IdP Initiated SSO (optional)

If your organization would also like to set up IdP initiated SSO, you can do so with the following steps.

Log in to OnBoard, open your Organization, and copy the Organization ID from your browser's address bar near the top of the screen.


From there, add "OrganizationId=<your organization's OnBoard ID>" (case sensitive) to the Default Relay State field in your IdP. This should allow users to log in to OnBoard from your identity provider. See an example below:

[Screenshot: Default Relay State field example]
