In order to configure Interact with OneLogin for SAML single sign-on, follow the simple instructions outlined below.
The first thing that needs to be completed is the creation of the SAML Authentication source within Interact. Follow the steps on the Configuring SAML Single Sign On page to create the initial SAML source within your Interact Intranet
Log in to your OneLogin portal as an administrator. From here click on Apps -> Company Apps and then the 'Add App' button
On the apps page, search for Interact Intranet and click on the SAML2.0 option that appears
On the 'Add Interact Intranet' page, specify the title and icon as you would like it to appear on your user's homepage and click Save. You should now have Interact added and see the page shown below.
Ensure that SAML has been pre-configured in Interact according to Configuring SAML Single Sign On.
Make note of the Entity ID (URN) in Interact.
For integration to be completed, the following fields need to be completed in OneLogin.
On the Configuration screen, enter the URL of your intranet, and the URN from the Service Provider details on the "Edit Service Provider" page within Interact
Next you need to copy the relevant information from OneLogin into Interact. These details can be found on the SSO tab within OneLogin configuration as shown below.
OneLogin provides a metadata URL that you can use to automatically populate Identity Provider details in Interact.
Use OneLogin's "Issuer URL" and import this according to the "Automatic Import" section of Configuring SAML Single Sign On.
Copy the value from the Issuer URL box on OneLogin into the Identity Provider URN field in Interact. Next, copy the value from the SAML 2.0 Endpoint (HTTP) field from OneLogin into the Identity Login field in Interact. Next, ensure that the 'Authenticate Using' field in Interact has Email Address selected, and the various options denoted by the checkboxes are as required.
The final part of the configuration is to upload the certificate from OneLogin into Interact. The certificate can be downloaded from OneLogin by clicking the 'View Details' link under the X.509 Certificate field in OneLogin. This should take you to the page shown below with a download button
Download the certificate to your local machine by clicking the download button. This should save a file called 'onelogin.pem' to your machine. This file needs to be uploaded to Interact, however, Interact is expecting a .cer file, so before uploading to Interact the file extension needs to be changed to .cer
Once the extension has ben changed, you can upload this to Interact by clicking the 'Choose File' button in the Certificate section of the Edit SAML Authentication page in Interact. With all the done, clicking 'save' should save the details in Interact and the integration should be complete.
In order fo users to log in to Interact via OneLogin, the user account needs to be present in OneLogin and also in Interact, and the user has to be given access in OneLogin. To find out how to do this, please consult the OneLogin documentation.
If you need to make any changes to the Edit SAML Authentication page after the SAML source was added, you may not see the changes immediately - the settings are cached to improve performance; wait ten minutes before trying again.
Updated about 1 year ago