This basic guide shows how to configure OneLogin for Admin SSO with uStudio Platform. Please note that this guide may not cover everything your organization may want to set up.
- Log in to OneLogin as an Admin.
- Go to Applications.
- Click Add App.
- Search for "SAML Custom Connector (Advanced)" by OneLogin, Inc.
- Click "SAML Custom Connector (Advanced)" to begin configuration.
- In the Info section, set Display Name to uStudio Admin SSO.
- Set Visible in portal to off. uStudio Admin SSO is SP-initiated, so clicking the app in the portal won't work.
- In the Configuration section, set Audience (EntityID), Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL to https://login.ustudio.com/auth/realms/platform-users/broker/companycode/endpoint
  Note: your companycode is provided by uStudio.
- Scroll down, set SAML initiator to Service Provider.
- Set SAML nameID format to Email.
- Set SAML issuer type to Specific.
- Set SAML signature element to Response.
- In the Parameters section, create a custom parameter by clicking the + symbol with Field Name set to email, Include in SAML assertion flag checked, and Value set to Email.
- Create another custom parameter by clicking the + symbol with Field Name set to family_name, Include in SAML assertion flag checked, and Value set to Last Name.
- Create another custom parameter by clicking the + symbol with Field Name set to given_name, Include in SAML assertion flag checked, and Value set to First Name.
- In the SSO section, set SAML Signature Algorithm to SHA-256.
- Send uStudio Support your X509 Certificate and Sign-on URL or metadata XML file. This can be obtained from the Issuer URL.
- Determine which admin Users need Access.
- Click Save.
- Test Admin SSO connection with uStudio Support.
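
The following is an added example, not code from uStudio or OneLogin: a Python check that a decoded SAML response captured during the test matches the settings chosen above (endpoint as Audience and Recipient, Email NameID format, the three parameters, a SHA-256 signature on the Response element). The function name, the sample response and the address admin@example.com are constructed for illustration, and the check is structural only.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# "companycode" is the placeholder from the guide; substitute the value uStudio provides.
ACS_URL = "https://login.ustudio.com/auth/realms/platform-users/broker/companycode/endpoint"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"email", "family_name", "given_name"}

def check_response(xml_text, acs_url=ACS_URL):
    """List the guide's settings that a decoded SAML response does not match.
    Structural check only: it does not verify the signature cryptographically."""
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//saml:AudienceRestriction/saml:Audience", "", NS).strip()
    if audience != acs_url:
        problems.append("Audience (EntityID) does not match the uStudio endpoint")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match the uStudio endpoint")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email")
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - present):
        problems.append("missing parameter: " + missing)
    # "SAML signature element: Response" puts ds:Signature directly under the Response.
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("no signature on the Response element")
    elif not method.get("Algorithm", "").endswith("sha256"):
        problems.append("signature algorithm is not SHA-256")
    return problems

# Constructed sample (not real OneLogin output): signed with SHA-1 and lacking given_name.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}">
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/></ds:SignedInfo></ds:Signature>
 <saml:Assertion>
  <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">admin@example.com</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{ACS_URL}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="email"/><saml:Attribute Name="family_name"/></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE)))
```

An empty list means the response agrees with every setting checked; run it only on responses from your own test logins, since the standard-library parser is not hardened against hostile XML.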