How to set up Single Sign-On with Onelogin

This article outlines the steps required to set up Single Sign-On [SSO] with Onelogin authentication.  Users can then use Onelogin authentication to access the Spoke Phone mobile app, desktop app and account portal.

You will need to have an account with admin access to Onelogin to complete this configuration.

Contents

Setup Onelogin Custom Connector

Assign users to the Custom Connector

Complete your Spoke Phone SSO configuration

User Provisioning

 

Setup Onelogin Custom Connector

The first step is to set up a custom application to connect to Spoke Phone.

  1. Navigate to Applications > Applications and click Add App

    2021-08-17_09_39_58-SSO.png

  2. In the search field, type SAML custom and hit enter then select the SAML Custom Connector

    2021-08-17_09_44_55-SSO.png

  3. On the configuration page of the new app enter a display name e.g. Spoke Phone, optionally add a logo and description.

    2021-08-17_09_47_02-SSO.png

  4. Click Save

  5. In the new application navigate to Configuration and complete the following fields:
    Audience (EntityID) =  
    urn:amazon:cognito:sp:us-east-1_QElIJGlYT

    ACS (Consumer) URL Validator* =  
    https://sso.spokephone.com/saml2/idpresponse

    ACS (Consumer) URL* =  
    https://sso.spokephone.com/saml2/idpresponse


    Leave all other fields unchanged

    2021-09-01_13_28_40-OneLogin.png

  6. Click Save to commit the configuration

  7. Navigate to Parameters and click the plus (+) button to add a new custom parameter:
    • Set Field Name =  
      email
    • Click Save
    • In the options for the Value, select Email
    • Tick the flag Include in SAML assertion
    • Click Save
  8.  Still in the Parameters section, click the plus (+) button to add another customer parameter:
    • Set Field Name =  
      firstname
    • Click Save
    • In the options for the Value, select First Name
    • Tick the flag Include in SAML assertion
    • Click Save
  9.  Still in the Parameters section, click the plus (+) button to add another customer parameter:
    • Set Field Name =  
      lastname
    • Click Save
    • In the options for the Value, select Last Name
    • Tick the flag Include in SAML assertion
    • Click Save

    2021-08-17_10_16_33-SSO.png

  10. Click Save to commit the configuration

  11. Navigate to SSO and set the SAML Signature Algorithm to SHA-256

  12. Click Save to commit the configuration

  13. Select More Actions and click on SAML Metadata

  14. Save this file locally

    2021-08-17_10_23_43-SSO.png

Assign users to the Custom Connector

  1. Ensure users within Onelogin have access to the new application

  2. Navigate to Users > Users and select a user you would like to access Spoke Phone

  3. Navigate to Applications, click the plus (+) button and then select Spoke Phone from the list.

    See your Onelogin help for more ways to enable Onelogin applications for users.

Complete your Spoke Phone SSO configuration

  1. Go to your Spoke Phone account portal online and login

  2. Navigate to Other > Advanced and select the SINGLE SIGN-ON tab at the top of the Advanced page

  3. Enter in a Company Name and select Check availability

  4. Select Upload and choose the file (e.g.) onelogin_metadata_xxxxxx.xml you saved earlier

  5. Complete the SAML Response Mapping in the Spoke Phone Account Portal as follows:
    Email =  
    email

    First Name =  
    firstname

    Last Name =  
    lastname

User Provisioning

Currently, Spoke Phone SSO does not auto-provision users.  You will need to ensure you have created the users in the Spoke Phone Account portal with the matching email addresses in your Identity Provider.

TIP: You can easily upload users directly into the Spoke Account portal using csv. 
Was this article helpful?
0 out of 0 found this helpful