This topic will walk you through how to set up a OneLogin SSO/SAML integration in Ironclad.
Disclaimer: If you change your domain, your access to Ironclad is prohibited. Contact submit a request with our Support Team for assistance before migrating a domain.
Set Up OneLogin in Ironclad
Required Ironclad Permissions: Admin
- Log in to OneLogin as an admin.
- Click your profile icon located in the top right corner, and then click Profile.
- In the top navigation bar, hover over Apps, and then click Add Apps.
- In the search bar located under Find Applications, search for SAML.
- Click SAML Test Connector (Advanced) SAML 2.0.
- In the Display Name field, enter Ironclad. Click Save.
- In Ironclad, click on your name located in the top right corner of Ironclad. Navigate to Company Settings > Integrations > SAML Sign-On Configuration.
- Click Add SAML Configuration, and then click Show Additional IdP Settings. Copy the Callback URL.
- In OneLogin, click Configuration located in the grey navigation bar.
- In the ACS (ConsumeR) URL field, enter the Callback URL.
- In the ACS (Consumer) Validator field, paste the Callback URL in Regular Expression Format. To do this:
- Start regular expressions with ^ and end them with $.
- Use escape periods (.) and forward slashes (/), as demonstrated in the URL below:
- ^http:\/\/ironcladapp\.com\/saml\/account_id\/callback$
- Fill in the remaining fields. Scroll down to SAML name ID format and select Unspecified.
- Click Parameters located in the grey navigation bar, and then click Add Parameter. You must create three parameters with the following specifications:
- In the Field Name field, enter:
- firstName
- lastName
- Under Flags, select Include in SAML assertion. Click Save.
- In the Value dropdown, select the value that matches the field name, and then click Save.
- In the Field Name field, enter:
- Once you have created all three parameters, click Save located next to More Actions.
- Click SSO located in the grey navigation bar.
- Under X.509 Certificate, click View Details. Copy or download the certificate.
- In Ironclad:
- If you copied the certificate, paste it into the Identity Provider Certificate field.
- If you downloaded the certificate, under IdP Configuration XML, upload the certificate.
- In OneLogin, click SSO located in the grey navigation bar.
- Copy the link located under SAML 2.0 Endpoint (HTTP).
- In Ironclad, paste the link in the Entry Point field.
- Click Save. Your configuration is complete. You can now add existing users to the application or invite new users.
Test Set Up on SSO Provider
- In your SSO provider, navigate to the Users tab.
- Provision a test user or colleague to access Ironclad. This user cannot be listed in the Ironclad “Everyone” group.
- Select the application you created and click Save.
- Instruct the newly provisioned user to click their invitation email to log in to Ironclad.
- If the user is able to log in and see the Ironclad Dashboard, the configuration is a success. Reach out to your LE or CSM POC or submit a request with our Support Team for assistance migrating existing Ironclad users from Password Login to SSO Login.
- If the user receive an error message, follow our troubleshooting guide.