This article outlines the steps required to set up Single Sign-On [SSO] with Onelogin authentication. Users can then use Onelogin authentication to access the Spoke Phone mobile app, desktop app and account portal.
You will need to have an account with admin access to Onelogin to complete this configuration.
Contents
Setup Onelogin Custom Connector
Assign users to the Custom Connector
Complete your Spoke Phone SSO configuration
Setup Onelogin Custom Connector
The first step is to set up a custom application to connect to Spoke Phone.
- Navigate to Applications > Applications and click Add App
- In the search field, type SAML custom and hit enter then select the SAML Custom Connector
- On the configuration page of the new app enter a display name e.g. Spoke Phone, optionally add a logo and description.
- Click Save
- In the new application navigate to Configuration and complete the following fields:
Audience (EntityID) =urn:amazon:cognito:sp:us-east-1_QElIJGlYT
ACS (Consumer) URL Validator* =https://sso.spokephone.com/saml2/idpresponse
ACS (Consumer) URL* =https://sso.spokephone.com/saml2/idpresponse
Leave all other fields unchanged - Click Save to commit the configuration
- Navigate to Parameters and click the plus (+) button to add a new custom parameter:
- Set Field Name =
email
- Click Save
- In the options for the Value, select Email
- Tick the flag Include in SAML assertion
- Click Save
- Set Field Name =
- Still in the Parameters section, click the plus (+) button to add another customer parameter:
- Set Field Name =
firstname
- Click Save
- In the options for the Value, select First Name
- Tick the flag Include in SAML assertion
- Click Save
- Set Field Name =
- Still in the Parameters section, click the plus (+) button to add another customer parameter:
- Set Field Name =
lastname
- Click Save
- In the options for the Value, select Last Name
- Tick the flag Include in SAML assertion
- Click Save
- Set Field Name =
- Click Save to commit the configuration
- Navigate to SSO and set the SAML Signature Algorithm to SHA-256
- Click Save to commit the configuration
- Select More Actions and click on SAML Metadata
- Save this file locally
Assign users to the Custom Connector
- Ensure users within Onelogin have access to the new application
- Navigate to Users > Users and select a user you would like to access Spoke Phone
- Navigate to Applications, click the plus (+) button and then select Spoke Phone from the list.
See your Onelogin help for more ways to enable Onelogin applications for users.
Complete your Spoke Phone SSO configuration
- Go to your Spoke Phone account portal online and login
- Navigate to Other > Advanced and select the SINGLE SIGN-ON tab at the top of the Advanced page
- Enter in a Company Name and select Check availability
- Select Upload and choose the file (e.g.) onelogin_metadata_xxxxxx.xml you saved earlier
- Complete the SAML Response Mapping in the Spoke Phone Account Portal as follows:
Email =email
First Name =firstname
Last Name =lastname
User Provisioning
Currently, Spoke Phone SSO does not auto-provision users. You will need to ensure you have created the users in the Spoke Phone Account portal with the matching email addresses in your Identity Provider.
TIP: You can easily upload users directly into the Spoke Account portal using csv.
- For uploading users to Spoke Phone see How to bulk-add and invite users to Spoke Phone by email