This topic will walk you through how to set up a OneLogin SSO/SAML integration in Ironclad.
Disclaimer: If you change your domain, your access to Ironclad is prohibited. Submit a request with our Support Team for assistance before migrating a domain.
Set Up OneLogin in Ironclad
Required Ironclad Permissions: Admin
- Log in to OneLogin as an admin.
- Click your profile icon located in the top right corner, and then click Profile.
- In the top navigation bar, hover over Apps, and then click Add Apps.
- In the search bar located under Find Applications, search for SAML.
- Click SAML Test Connector (Advanced) SAML 2.0.
- In the Display Name field, enter Ironclad. Click Save.
- In Ironclad, click your name in the top right corner. Navigate to Company Settings > Integrations > SAML Sign-On Configuration.
- Click Add SAML Configuration, and then click Show Additional IdP Settings. Copy the Callback URL.
- In OneLogin, click Configuration located in the grey navigation bar.
- In the ACS (Consumer) URL field, enter the Callback URL.
- In the ACS (Consumer) Validator field, paste the Callback URL in Regular Expression Format (regex). To do this:
- Start regular expressions with ^ and end them with $.
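- Escape periods (.) and forward slashes (/) with a backslash, as demonstrated in the URL below. An unescaped period matches any character, so the validator would accept hosts other than the intended one.
- ^https:\/\/na1\.ironcladapp\.com\/saml\/account_id\/callback$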
- Fill in the remaining fields. Scroll down to SAML name ID format and select Unspecified.
- Click Parameters located in the grey navigation bar, and then click Add Parameter. You must create three parameters with the following specifications:
- In the Field Name field, enter:
- firstName
- lastName
- Under Flags, select Include in SAML assertion. Click Save.
- In the Value dropdown, select the value that matches the field name, and then click Save.
- In the Field Name field, enter:
- Once you have created all three parameters, click Save located next to More Actions.
- Click SSO located in the grey navigation bar.
- Under X.509 Certificate, click View Details. Copy or download the certificate.
- In Ironclad:
- If you copied the certificate, paste it into the Identity Provider Certificate field.
- If you downloaded the certificate, under IdP Configuration XML, upload the certificate.
- In OneLogin, click SSO located in the grey navigation bar.
- Copy the link located under SAML 2.0 Endpoint (HTTP).
- In Ironclad, paste the link in the Entry Point field.
- Click Save. Your configuration is complete. You can now add existing users to the application or invite new users.
Note:
Upon login to Ironclad, if the user sees the Ironclad Dashboard, the OneLogin configuration was a success. If there are users provisioned within Ironclad prior to setting up SSO, these users will remain password login users. Reach out to Ironclad Support for assistance migrating existing Ironclad users from password login to SSO login.
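The ACS (Consumer) Validator step above asks for an anchored, escaped regex. The following is an added example, not Ironclad or OneLogin code, that builds such a pattern from a callback URL and shows which constructed URLs a weaker pattern would let through. The helper names `build_acs_validator` and `wrongly_accepted` are hypothetical, `account_id` is the page's placeholder, and the example assumes the validator treats `^`, `$`, `.` and `\` the way Python's `re` module does.

```python
import re

# Placeholder callback URL in the shape shown in the steps above; "account_id"
# stands in for the value copied from Ironclad's SAML configuration screen.
CALLBACK_URL = "https://na1.ironcladapp.com/saml/account_id/callback"


def build_acs_validator(callback_url):
    """Return an anchored regex that matches only this exact callback URL."""
    escaped = re.escape(callback_url)      # escapes "." and other metacharacters
    escaped = escaped.replace("/", r"\/")  # also escape "/", as the steps ask
    return "^" + escaped + "$"


def wrongly_accepted(validator, expected_url, candidates):
    """Return every candidate other than expected_url that the validator matches."""
    pattern = re.compile(validator)
    # re.search is used so that only the pattern's own ^ and $ provide anchoring.
    return [u for u in candidates if u != expected_url and pattern.search(u)]


# Constructed test URLs (not real endpoints), one per failure mode.
CANDIDATES = [
    CALLBACK_URL,
    "https://na1.ironcladappxcom/saml/account_id/callback",        # "." matched "x"
    "https://na1.ironcladapp.com/saml/account_id/callback/extra",  # trailing path
    "https://idp.example/?r=https://na1.ironcladapp.com/saml/account_id/callback",
]

STRICT = build_acs_validator(CALLBACK_URL)
UNESCAPED_DOTS = r"^https:\/\/na1.ironcladapp.com\/saml\/account_id\/callback$"
UNANCHORED = r"https:\/\/na1\.ironcladapp\.com\/saml\/account_id\/callback"

if __name__ == "__main__":
    for name, rx in [("strict", STRICT),
                     ("unescaped dots", UNESCAPED_DOTS),
                     ("unanchored", UNANCHORED)]:
        print(name, "->", rx)
        for url in wrongly_accepted(rx, CALLBACK_URL, CANDIDATES):
            print("   also accepts:", url)
```

Run the check against the exact string you pasted into the validator field before saving the OneLogin configuration; an empty "also accepts" list for your pattern is the expected result.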
Test Set Up on SSO Provider
- In your SSO provider, navigate to the Users tab.
- Provision a test user or colleague to access Ironclad.
- Note: This user cannot be listed in the Everyone group.
- Select the application you created and click Save.
- Instruct the newly provisioned user to open their invitation email and log in to Ironclad.
- If the user is able to log in and see the Ironclad Dashboard, the configuration succeeded. Reach out to your LE or CSM POC or submit a request with our Support Team for assistance migrating existing Ironclad users from Password Login to SSO Login.
- If the user receives an error message, follow our troubleshooting guide.