Integrating OneLogin with env0 as a SAML provider


This guide will detail the various steps required to integrate OneLogin as a SAML provider for your env0 organization. The current implementation supports SAML 2.0 and is used for authentication only, where you define your users in your OneLogin account to enable them access to your env0 organization. You can also add env0 as an application in your user application dashboard.


  1. Login to your OneLogin Administrator account.
  2. Under the Application tab go to the Application.
  3. Click on the Add App button.
  4. In the search box enter SAML Custom Connector and select SAML Custom Connector (Advanced)

  1. Change the display name to be env0 and upload an icon.
  2. Enter a relevant description and click on the save button.

  1. Go to the configuration tab.
  2. Under Audience (EntityID) enter urn:auth0:env0:{YOUR_ENV0_ORG_ID}
  3. Under ACS (Consumer) URL Validator enter: [-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)
  4. Under ACS (Consumer) URL enter{YOUR_ENV0_ORG_ID}
  5. Under the Login URL enter
  6. In the SAML initiator dropdown select Service Provider
  7. In the SAML nameID format dropdown select Unspecified
  8. In the SAML signature element dropdown select Both
  9. Click on the save button.
  10. Go to the “Parameters” tab
  11. Add the following Parameters:
NameMarcoValueInclude in SAML assertion
NameID valuefalseEmailN/A
firstNamefalseFirst Nametrue
lastNamefalseLast Nametrue
nametrue{firstname} {lastname}true

  1. Click on the Save button.
  2. Go to the SSO tab.
  3. Copy the SAML 2.0 Endpoint (HTTP) URL.
  4. Copy the SLO Endpoint (HTTP) URL.
  5. In the X.509 Certificate click on the View Details link.
  6. Under the X.509 Certificate choose X.509 PEM and download it.
  7. Assign the relevant users to this application.
  8. Please send your account manager the SAML 2.0 Endpoint (HTTP) URL, the SLO Endpoint (HTTP) URL, and the X.509 Certificate file you have downloaded.