Skip to main content

Set Up OneLogin SSO/SAML Integration

Ariana Kemp
  • Updated

This topic will walk you through how to set up a OneLogin SSO/SAML integration in Ironclad.

Disclaimer: If you change your domain, your access to Ironclad is prohibited. Contact Support (support@ironcladhq.com) for assistance before migrating a domain.

Skip To:

 

 

Set Up OneLogin in Ironclad

Required Ironclad Permissions: Admin

  1. Log in to OneLogin as an admin.
  2. Click your name located in the top right corner, and then click Profile.
  3. In the top navigation bar, hover over Apps, and then click Add Apps.
  4. In the search bar located under Find Applications, search for SAML.
  5. Click SAML Test Connector (Advanced) SAML 2.0.
  6. In the Display Name field, enter Ironclad. Click Save.
  7. In Ironclad, click on your name located in the top right corner of Ironclad. Navigate to Company Settings > Integrations > SAML Sign-On Configuration.
  8. Click Add SAML Configuration, and then click Show Additional IdP Settings. Copy the Callback URL.
  9. In OneLogin, click Configuration located in the grey navigation bar.Configuration.jpeg
  10. In the ACS (ConsumeR) URL field, enter the Callback URL.
  11. In the ACS (Consumer) Validator field, paste the Callback URL in Regular Expression Format. To do this:
    • Start regular expressions with ^ and end them with $.
    • Use escape periods (.) and forward slashes (/), as demonstrated in the URL below:
      • ^http:\/\/ironcladapp\.com\/saml\/account_id\/callback$
  12. Fill in the remaining fields. Scroll down to SAML name ID format and select Unspecified.SAMLNameID.jpeg
  13. Click Parameters located in the grey navigation bar, and then click Add Parameter. You must create three parameters with the following specifications:
    1. In the Field Name field, enter:
      • ​​​​​​​email
      • firstName
      • lastName
    2. Under Flags, select Include in SAML assertion. Click Save.
    3. In the Value dropdown, select the value that matches the field name, and then click Save.EditFieldEmail.jpeg
  14. Once you have created all three parameters, click Save located next to More Actions.
  15. Click SSO located in the grey navigation bar.
  16. Under X.509 Certificate, click View Details. Copy or download the certificate.
  17. In Ironclad:
    • ​​​​​​​​​​​​​​If you copied the certificate, paste it into the Identity Provider Certificate field.
    • If you downloaded the certificate, under IdP Configuration XML, upload the certificate.
  18. In OneLogin, click SSO located in the grey navigation bar.
  19. Copy the link located under SAML 2.0 Endpoint (HTTP).Endpoint.jpeg
  20. In Ironclad, paste the link in the Entry Point field.Entrypoint.jpeg
  21. Click Save. Your configuration is complete. You can now add existing users to the application or invite new users.

 ​​​​​​

 

Test Set Up on SSO Provider

  1. In your SSO provider, navigate to the Users tab.
  2. Provision a test user or colleague to access Ironclad. This user cannot be listed in the Ironclad “Everyone” group.
  3. Select the application you created and click Save.
  4. Instruct the newly provisioned user to click their invitation email to log in to Ironclad.
    • ​​​​​​​If the user is able to log in and see the Ironclad Dashboard, the configuration is a success. Reach out to your LE or CSM POC or contact support@ironcladapp.com for assistance migrating existing Ironclad users from Password Login to SSO Login.
    • If the user receive an error message, follow our troubleshooting guide.

 ​​​​​​

 

Related articles