OneLogin

Introduction

This guide will detail the various steps required to integrate OneLogin as a SAML provider for your env0 organization. The current implementation supports SAML 2.0 and is used for authentication only, where you define your users in your OneLogin account to enable them access to your env0 organization. You can also add env0 as an application in your user application dashboard.

Steps

Login to your OneLogin Administrator account.
Under the Application tab go to the Application.
Click on the Add App button.
In the search box enter SAML Custom Connector and select SAML Custom Connector (Advanced)

Change the display name to be env0 and upload an icon.
Enter a relevant description and click on the save button.

Go to the configuration tab.
Under Audience (EntityID) enter urn:auth0:env0:{YOUR_ENV0_ORG_ID}
Under ACS (Consumer) URL Validator enter: [-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)
Under ACS (Consumer) URL enter https://login.app.env0.com/login/callback?connection={YOUR_ENV0_ORG_ID}
Under the Login URL enter https://app.env0.com/login/sso
In the SAML initiator dropdown select Service Provider
In the SAML nameID format dropdown select Unspecified
In the SAML signature element dropdown select Both
Click on the save button.
Go to the “Parameters” tab
Add the following Parameters:

Name	Marco	Value	Include in SAML assertion
NameID value	false	Email	N/A
email	false	Email	true
firstName	false	First Name	true
lastName	false	Last Name	true
name	true	{firstname} {lastname}	true

Click on the Save button.
Go to the SSO tab.
Copy the SAML 2.0 Endpoint (HTTP) URL.
Copy the SLO Endpoint (HTTP) URL.
In the X.509 Certificate click on the View Details link.
Under the X.509 Certificate choose X.509 PEM and download it.
Assign the relevant users to this application.
Please send your account manager the SAML 2.0 Endpoint (HTTP) URL, the SLO Endpoint (HTTP) URL, and the X.509 Certificate file you have downloaded.