Terms to Know
- Identity Provider - The tool that your team uses to provide Single Sign-On functionality. For this article, we'll be exploring a setup process for OneLogin.
- Metadata - Typically an XML file which tells the tools involved with handling your login process how to complete and validate the requests.
- Enforced SAML/SSO - A setting which specifies SAML/SSO as the primary login method for all users on your team and the default login method for all new users.
As an Account Admin on a Professional or Enterprise plan, you have the option to set up single sign-on as the authentication method for your team. In the following article, we will explore how you can quickly and smoothly set up OneLogin as your team's SAML/SSO authentication method.
Setting Up Single Sign-On with OneLogin
Step 1 - Getting Started in OneLogin
- From your OneLogin Administration page, click into the Applications menu.
- In the page that appears, select the blue Add App button in the top-right of your Applications list.
- In the Find Applications repository, type "SAML Custom Connector" into the search bar at the top of the page.
- Select the option that appears, which should be labelled SAML Custom Connector, with SAML2.0 shown in the right-hand column.
- In the Add SAML Custom Connector page, change the application name to "Roadmunk" and click the blue Save button in the top-right corner of the screen.
Step 2 - Generating the SP Metadata File
- After the new app has been saved in OneLogin, you'll be taken into the app details menu.
- Click into More Actions in the top-right corner of the screen and select the SAML Metadata option in the menu that appears. When prompted, save the onelogin_metadata.xml file to your device.
- In another tab, navigate to Roadmunk, click on your avatar in the bottom-left corner, and open Account Settings.
- In the Account Settings menu, click into the Company tab.
- Locate the SAML/Single Sign-On (SSO) option at the bottom of the tab and click to toggle it on.
- In the menu options that appear, select Upload your IDP XML File and upload the onelogin_metadata.xml file that we saved in Step 2.
- Once that file is uploaded successfully, the button labelled Download Roadmunk Metadata will become active. Click this button to download the roadmunk_sp_metadata.xml file to your device.
- Navigate back to the other tab to view the app details menu on OneLogin.
- In the menu on the left-hand side, select Configuration to access your custom Roadmunk app's SAML configuration settings.
- To fill out this section, we will need to pull values from the roadmunk_sp_metadata.xml file that we downloaded in Step 2. For easier readability, open a new tab in your browser and drag the XML file into it to view the file contents.
- For the configuration values below, search and locate the following values in your metadata file and paste them into their respective fields:
  - Recipient - Paste the URL found in the Location="URL" value from your metadata file
  - Audience (EntityID) - Paste the URL found in the entityID="URL" value from your metadata file
  - ACS (Consumer) URL Validator - Copying the value found in the Recipient field, follow these instructions from OneLogin to format the URL as a secure validator if necessary. Otherwise, place an asterisk (*) in this field
  - ACS (Consumer) URL - Paste the URL found in the Location="URL" value from your metadata file
  - Login URL - Enter "https://login.roadmunk.com"
  - SAML Initiator - Choose the Service Provider option from the drop-down menu
- Once the appropriate values have been applied above, click the Save button in the top-right corner to commit these changes.
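The field mapping above can also be done with a short script. This is an added example, not Roadmunk's or OneLogin's code: it reads SP metadata, returns the values for the Recipient, Audience, ACS URL and ACS URL Validator fields, and builds a validator that matches only that one ACS URL. It assumes the validator field takes a regular expression with escaped slashes; the sample metadata and its example.invalid URLs are constructed placeholders, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample standing in for roadmunk_sp_metadata.xml; the
# example.invalid URLs are placeholders, not Roadmunk's real endpoints.
SAMPLE_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sp.example.invalid/saml/metadata">
  <SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.invalid/saml/acs?team=1"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def acs_validator(acs_url):
    """Anchored regex that matches exactly one ACS URL.

    Assumption: the validator field is a regex; slashes are escaped too.
    """
    return "^" + re.escape(acs_url).replace("/", r"\/") + "$"


def onelogin_fields(metadata_xml):
    """Map SP metadata to the OneLogin Configuration fields listed above."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    # Only the HTTP-POST endpoint is used; anything ambiguous is rejected.
    acs = [e.get("Location")
           for e in root.iter(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST]
    if len(acs) != 1 or not acs[0].startswith("https://"):
        raise ValueError("expected exactly one HTTPS HTTP-POST ACS endpoint")
    return {
        "Recipient": acs[0],
        "Audience (EntityID)": root.get("entityID"),
        "ACS (Consumer) URL Validator": acs_validator(acs[0]),
        "ACS (Consumer) URL": acs[0],
    }


if __name__ == "__main__":
    for name, value in onelogin_fields(SAMPLE_METADATA).items():
        print(f"{name}: {value}")
```

To use it on the real file, pass the contents of roadmunk_sp_metadata.xml to `onelogin_fields` in place of the sample string.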
Step 3 - Finalizing the Roadmunk Setup
- Navigating back to Roadmunk, head into the Account Settings menu once more.
- Click into the Security tab to access your active login methods.
- Click the blue + Login Method button in the top-right corner of your Authentication Methods list, then select the new SSO option that appears at the bottom of the menu.
- Clicking into this will open a OneLogin sign-on screen where you can attach your login to Roadmunk. If you're already logged into OneLogin when attempting this attachment, it should complete automatically.
- If the Authentication Methods list doesn't refresh automatically, you can close out of the Account Settings and reopen them from your avatar in the bottom-left corner of your app.
Enabling Multi-Factor Authentication with OneLogin Single Sign-On
OneLogin supports a number of additional authentication layers which can help to provide an extra level of security for you and your team. A great guide on setting up multi-factor authentication for your team in OneLogin can be found here on their Knowledge Base.