OneLogin

Integrating OneLogin with env0 as a SAML provider

Introduction

This guide details the steps required to integrate OneLogin as a SAML provider for your env0 organization. The current implementation supports SAML 2.0 and is used for authentication only: you define your users in your OneLogin account to give them access to your env0 organization. You can also add env0 as an application in your user application dashboard.

Steps

  1. Log in to your OneLogin Administrator account.
  2. Under the Application tab, go to Application.
  3. Click on the Add App button.
  4. In the search box, enter SAML Custom Connector and select SAML Custom Connector (Advanced).
  5. Change the display name to env0 and upload an icon.
  6. Enter a relevant description and click on the Save button.
  7. Go to the Configuration tab.
  8. Under Audience (EntityID) enter urn:auth0:env0:{YOUR_ENV0_ORG_ID}
  9. Under ACS (Consumer) URL Validator enter: [[email protected]:%._\+~#=]{2,256}\.[a-z]{2,6}\b([[email protected]:%_\+.~#?&//=]*)
  10. Under ACS (Consumer) URL enter https://login.app.env0.com/login/callback?connection={YOUR_ENV0_ORG_ID}
  11. Under the Login URL enter https://app.env0.com/login/sso
  12. In the SAML initiator dropdown, select Service Provider.
  13. In the SAML nameID format dropdown, select Unspecified.
  14. In the SAML signature element dropdown, select Both.
  15. Click on the Save button.
  16. Go to the “Parameters” tab.
  17. Add the following parameters:

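| Name         | Macro | Value                  | Include in SAML assertion |
|--------------|-------|------------------------|---------------------------|
| NameID value | false | Email                  | N/A                       |
| email        | false | Email                  | true                      |
| firstName    | false | First Name             | true                      |
| lastName     | false | Last Name              | true                      |
| name         | true  | {firstname} {lastname} | true                      |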

  1. Click on the Save button.
  2. Go to the SSO tab.
  3. Copy the SAML 2.0 Endpoint (HTTP) URL.
  4. Copy the SLO Endpoint (HTTP) URL.
  5. Under X.509 Certificate, click on the View Details link.
  6. Under X.509 Certificate, choose X.509 PEM and download it.
  7. Assign the relevant users to this application.
  8. Send your account manager the SAML 2.0 Endpoint (HTTP) URL, the SLO Endpoint (HTTP) URL, and the X.509 Certificate file you downloaded.
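
Once SSO is enabled, a login response captured from the browser can be compared with the Audience, signature element and parameter settings above. The following Python check is an added example, not env0 or OneLogin code; it assumes OneLogin emits each parameter as an Attribute whose Name equals the field name, runs on a constructed response, and uses `acme` as a placeholder organization ID. It inspects structure only and does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REQUIRED_ATTRS = {"email", "firstName", "lastName", "name"}  # Parameters table rows


def lint_response(xml_text, org_id):
    """Return a list of mismatches against this guide's settings.
    Structure check only: it does NOT verify signatures or establish trust."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion found"]
    problems = []
    # Signature element "Both": ds:Signature directly under Response and Assertion.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    expected = f"urn:auth0:env0:{org_id}"
    audiences = {(e.text or "").strip() for e in assertion.iterfind(".//a:Audience", NS)}
    if expected not in audiences:
        problems.append(f"Audience {sorted(audiences)} lacks {expected}")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID is missing or empty")
    sent = {e.get("Name") for e in assertion.iterfind(".//a:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - sent):
        problems.append(f"attribute {missing} not in assertion")
    return problems


# Constructed sample (not a real OneLogin response): assertion unsigned, lastName absent.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:Signature/><a:Assertion><a:Subject><a:NameID>jo@example.com</a:NameID></a:Subject>
 <a:Conditions><a:AudienceRestriction><a:Audience>urn:auth0:env0:acme</a:Audience>
 </a:AudienceRestriction></a:Conditions><a:AttributeStatement>
 <a:Attribute Name="email"/><a:Attribute Name="firstName"/><a:Attribute Name="name"/>
 </a:AttributeStatement></a:Assertion></p:Response>"""

if __name__ == "__main__":
    for p in lint_response(SAMPLE, "acme"):
        print("MISMATCH:", p)
```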
