Assurance SSO | OneLogin
Who is this article for?
Administrators who want guidance with configuring SSO in Assurance through OneLogin.
Administration Access is required.
Assurance supports Single Sign-On (SSO) through OneLogin. The configuration process takes around 15 minutes and involves creating and configuring a SAML custom connector in OneLogin and then configuring SSO in Assurance.
1. How to create a SAML Custom Connector in OneLogin?
Creating and configuring a SAML Custom Connector in OneLogin
To create and configure a SAML Custom Connector in OneLogin, refer to SAML Custom Connector (Advanced). You will be redirected to the OneLogin Help Centre.
1. Sign in to the OneLogin Admin Console.
2. Navigate to Applications -> Add App -> SAML Custom Connector (Advanced).
3. Under the Portal section, enter 'Ideagen Policy Logic Assurance' as the Display Name and then select Save.
4. Under the Application details section, configure the following SAML Settings and then select Save.
| Option | SAML Setting |
| Audience (EntityID) | Enter the following value, replacing '{subdomain}' with your organisation's Assurance subdomain: |
| ACS (Consumer) URL Validator | Enter the following URL, replacing '{subdomain}' with your organisation's Assurance subdomain: |
| ACS (Consumer) URL | Enter the following URL, replacing '{subdomain}' with your organisation's Assurance subdomain: |
5. On the User screen, assign users and groups to the application as required. We suggest configuring a dynamic group with all users.
6. On the SSO screen, copy the following values. You will need these when configuring SSO in Assurance later in the setup process.
- SHA-1 fingerprint
- SAML 2.0 Endpoint
2. How to configure SSO in Assurance?
1. Select the Administration cog icon from the navigation bar and then select the Organisation button under the 'General' section.
2. On the Organisation screen, select the Edit button under the 'Details' tab.
3. Under the 'Sign On & Security' section, select the Single Sign On through SAML option.
4. In the fields that appear, update the following values.
| Field | Value |
| Name | Enter a user-facing display name, like 'OneLogin', which will appear on the Login screen as a 'Sign in using OneLogin' button. |
| Issuer | Enter the following Issuer, replacing '{subdomain}' with your organisation's Assurance subdomain: |
| IDP SSO Target URL | Enter the 'SAML 2.0 Endpoint' value from OneLogin. |
| Federation XML URL | (Leave this blank) |
| IDP Certificate SHA1 Fingerprint | Enter the 'SHA-1 fingerprint' value from OneLogin. |
| ID Claim/Name ID Format | urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
| Restrict login to use Single Sign On only | When selected, the email and password fields will be hidden on the login screen. |
5. Select the Update button to save your changes.
6. Sign out of Assurance by selecting your avatar icon from the navigation bar and then selecting the Logout option from your account dropdown menu. You will be directed to the Login screen.
7. Select the button to Sign in using {Name} and verify that SSO is working as expected.
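A pre-flight check for the values copied from OneLogin before they are entered in the Assurance fields above, since the fingerprint is what ties Assurance to the OneLogin signing certificate. This is an added example, not part of the original article or of either vendor's tooling. It assumes you have also downloaded the connector's X.509 certificate as PEM from OneLogin; the function names are hypothetical, and the sample certificate bytes and endpoint URL are constructed placeholders.

```python
import hashlib
import ssl
from urllib.parse import urlsplit

# NameID format value from the Assurance settings table above.
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"


def normalize_fingerprint(value: str) -> str:
    """Reduce 'AA:BB:..', 'aa bb ..' or 'aabb..' to 40 lowercase hex digits."""
    digits = "".join(ch for ch in value if ch not in ": -\t\n").lower()
    if len(digits) != 40 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError("not a SHA-1 fingerprint (expected 40 hex digits)")
    return digits


def cert_sha1_fingerprint(pem: str) -> str:
    """SHA-1 over the DER encoding of the certificate, as 40 hex digits."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha1(der).hexdigest()


def check_sso_values(pem: str, fingerprint: str, endpoint: str, nameid: str) -> list:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    try:
        if normalize_fingerprint(fingerprint) != cert_sha1_fingerprint(pem):
            problems.append("fingerprint does not match the certificate")
    except ValueError as exc:  # malformed fingerprint or malformed PEM
        problems.append(str(exc))
    url = urlsplit(endpoint.strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("IDP SSO Target URL must be an absolute https:// URL")
    if nameid.strip() != EMAIL_NAMEID:
        problems.append("unexpected NameID format")
    return problems


# Constructed sample input: placeholder bytes standing in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_ENDPOINT = "https://idp.example.invalid/saml2/http-post/sso/placeholder"

if __name__ == "__main__":
    hexfp = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
    pasted = ":".join(hexfp[i:i + 2] for i in range(0, 40, 2))
    print(check_sso_values(SAMPLE_PEM, pasted, SAMPLE_ENDPOINT, EMAIL_NAMEID))
```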
3. Configuration assistance
If you require additional assistance with configuring SSO, our Professional Services team is here to help.
Our consultants can assist you with the configuration process, ensuring a seamless and efficient integration tailored to your specific needs.
To engage our Professional Services team, please get in touch today, and we will be happy to assist you further.
4. Limitations
4.1. No Assurance user found for email
Symptom
User receives a 'No Assurance user found for email' message when logging in using SSO.
Resolution
Ensure an Assurance account with the corresponding email has been created for the user before trying again.