OneLogin SSO

In this guide, you're going to learn how to connect OneLogin with Better Stack to enable single sign-on (SSO) for you and your colleagues.

  1. Start the SSO set-up by going to Single Sign-On configuration. Note that only organization admins have access to these settings.

  2. On this page click Connect on the Generic SAML SSO panel.

  3. Select OneLogin from the list of supported providers.

  4. Take note of the values in the Entity ID and ACS URL fields, we're going to need these in a second.

We're going to switch to OneLogin now:

  1. Visit the OneLogin Administration panel, at the URL https://<your-tenant>.onelogin.com/admin2

  2. In the top menu, click on Applications, then select Applications from the dropdown menu.

  3. Click on Add App.

  4. In the search box enter "SAML custom connector", then select "SAML Custom Connector (Advanced)" from the results.

  5. Under Display Name, enter Better Stack, then click Save.

  6. In the navigation menu on the left select Configuration.

  7. Fill in Audience (EntityID) paste the Entity ID copied from Better Stack above.

  8. Fill in Recipient with the ACS URL copied from Better Stack above.

  9. Fill in ACS (Consumer) URL Validator with ^https:\/\/betterstack.com\/users\/auth\/saml\/.*

  10. Fill in ACS (Consumer) URL with the ACS URL copied from Better Stack above.

  11. Under SAML encryption method select AES-256-CBC

  12. Click Save at the top right, to apply the changes.

  13. In the navigation menu on the left select Parameters.

  14. Click on the + icon.

  15. Fill in Field name with email, check the Include in SAML assertion box, then click Save.

  16. From the Value dropdown select Email, then click Save again.

  17. Click the + icon again.

  18. Fill in Field name with first_name, check the Include in SAML assertion box, then click Save.

  19. From the Value dropdown select First Name, then click Save again.

  20. Click the + icon one final time.

  21. Fill in Field name with last_name, check the Include in SAML assertion box, then click Save.

  22. From the Value dropdown select Last Name, then click Save again.

  23. In the navigation menu on the left select SSO.

  24. Copy the Issuer URL and SAML 2.0 Endpoint (HTTP) URL. We'll need these in a moment.

  25. Under X.509 Certificate click View Details, then Download the displayed certificate. We'll need this in a moment as well.

We'll switch to Better Stack now:

  1. Visit the "Single Sign On" page https://betterstack.com/settings/sso

  2. Under Generic SAML SSO, click Connect.

  3. Under Provider, select OneLogin.

  4. Under Identity Provider Single Sign-On URL enter the SAML 2.0 Endpoint (HTTP) URL copied above.

  5. Under Issuer URL enter the Issuer URL copied from above.

  6. Click Upload and select the Certificate file chosen above.

  7. Click Connect to confirm the configuration. You will be redirected to OneLogin. Sign in with the account you assigned to the Better Stack application, please.

Tada! Your OneLogin Single Sign-On is now configured!