Skip to main content

OneLogin SSO Configuration

This basic guide shows how to configure OneLogin with uStudio Podcast. Please note that this guide may not cover everything your organization may want to set up.

PREREQUISITE

uStudio needs a sign-on URL and certificate. See Step 4, part 3 for details.

Step 1: Creating an OneLogin SSO Application

  1. Login into OneLogin as an administrator.
  2. Select the Applications tab.
  3. Click Add App in the top-right corner.
    onelogin_01.png
  4. Search for “SAML Test Connector (Advanced).”
  5. Click “SAML Test Connector (Advanced)” to add it.
    onelogin_02.png
  6. Set Display Name to (e.g. uStudio SSO).
  7. Disable Visible in portal because we’re service provider initiated.
  8. Click Save to continue.
    onelogin_03.png

Step 2: Configuration

  1. Select the Configuration tab.
  2. Leave RelayState blank.
  3. Set Audience (EntityID) to urn:auth0:ustudioinc:prod-companycode-podcast-sso.
  4. Set Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL to https://ustudioinc.auth0.com/login/callback?connection=prod-companycode-podcast-sso.
    Note: companycode is provided by uStudio.
  5. Set Single Logout URL to https://ustudioinc.auth0.com/logout.
    onelogin_04.png
  6. Set Login URL to https://podcast-web.ustudio.com/COMPANYCODE.
    Note: COMPANYCODE is provided by uStudio.
  7. Set SAML not valid before to 3.
  8. Set SAML not valid on or after to 3.
  9. Set SAML initiator to Service Provider.
  10. Set SAML nameID format to Email.
  11. Set SAML issuer type to Specific.
    onelogin_05.png
  12. Set SAML signature element to Response.
  13. Check Encrypt assertion.
  14. Set SAML encryption method to TRIPLEDES-CBC.
  15. Uncheck Sign SLO Response.
  16. Set SAML sessionNotOnOrAfter to 1440.
  17. Uncheck Generate AttributeValue tag for empty values.
  18. Uncheck Sign SLO Request.
    onelogin_05a.png
  19. Click Save to continue.

Step 3: Parameters

  1. Select the Parameters tab.
  2. Select Configured by admin under Credentials are.
  3. [Optional] Click the + button to add a parameter with Field set to email and Value set to Email. When editing the parameter, check Include in SAML assertion (see below for details).
  4. [Optional] Click the + button to add a parameter with Field set to family_name and Value set to Last Name. When editing the parameter, check Include in SAML assertion (see below for details).
  5. [Optional] Click the + button to add a parameter with Field set to given_name and Value set to First Name. When editing the parameter, check Include in SAML assertion (see below for details).
  6. [Optional] Click the + button to add a parameter with Field set to groupName and Value set to User Roles with Semicolon Delimited input (Multi-value output) selected. When editing the parameter, check Include in SAML assertion and check Multi-value parameter (see below for details).
    Note: To establish 1 to 1 parity with our system, we use User Roles to define groups because we support users assigned to multiple groups and OneLogin only supports that a user is assigned to one Group at a time.
  7. Click Save to continue.
    onelogin_update_01.png
    onelogin_07.pngonelogin_08.png

Step 4: SSO

  1. Select the SSO tab.
  2. Set SAML Signature Algorithm to SHA-256.
  3. Send the Issuer URL to your uStudio support agent or support@ustudio.com. This link is the metadata file containing your sign-on url and certificate.
    onelogin_09.png
  4. Click Save to continue.

Step 5: Go back to Configuration

  1. Select the Configuration tab.
  2. Scroll to the bottom.
  3. Insert uStudio’s certificate.
    onelogin_10.png
  4. Click Save.

Step 6: Assigning Users, Groups, and Roles

In this guide, we are going to consider Roles as Groups because of OneLogin’s caveats. OneLogin by default has a Roles attribute, but not a Groups attribute. OneLogin also only allows one group to be assigned to a user.

To assign a user:

  1. Select Users under the Users drop-down.
  2. Click on a user.
    onelogin_11.png
  3. Select Applications.
  4. Click the + button to add an application to this user.
  5. Select the application name from the drop-down.
  6. Click Continue.
    onelogin_12.png
  7. Click Save.
    onelogin_13.png

To assign a role:

  1. Select Roles under the Users drop-down.
  2. Click New Role.
    onelogin_14.png
  3. Name the role (e.g. Admins).
  4. Select the uStudio SSO (name may vary) application.
  5. Click Save.
    onelogin_15.png
  6. Select the newly created role.
  7. Select Users from the left bar.
  8. Type in a user’s name and click Check.
  9. Click Add to Role.
  10. Click Save.
    onelogin_16.png

By this point, your user will be assigned to uStudio and with a corresponding Group as a Role.

Step 7: Test with uStudio

Login into uStudio Enterprise Podcast on mobile and web. Tell your uStudio Support Agent or support@ustudio.com to verify the SSO connection.

Facebook Twitter LinkedIn
Where Media Goes to Work ™
©2020 uStudio, Inc.
Privacy Security
Home About Press Patents Contact Blog Community Careers