Use OneLogin for SSO authentication

Learn how to use OneLogin for Single Sign-On (SSO) authentication with SAML 2.0 so members of your organization can sign in to Kobiton using their OneLogin credentials.

Get Kobiton parameters

First, you’ll need to save a copy of your Kobiton SSO attributes so you can easily add them to your IdP later.

Select your profile name or picture, then choose Settings.

Select your profile name and select Settings

Choose SSO Settings.

SSO settings page

From Basic configuration, copy the following values and save them to a note:

  • Entity ID (or Audience URL)

  • Reply (or SSO, or ACS) URL

Basic configuration step in SSO settings

From User attributes (or parameters), copy the following values and save them to a note:

  • email

  • firstName

  • lastName

  • phoneNumber

  • memberOf

User attributes or parameters step in SSO settings

Later you’ll finish configuring your Kobiton SSO settings so keep this browser window open.

Create IdP application

In Onelogin, select Applications, then Add App.

Select Applications, then Add App in OneLogin

In the search bar, enter SAML Test Connector, then select SAML Test Connector (Advanced).

Select SAML Test Connector (Advanced)

Enter a display name and add a logo to customize your sign-in portal, then select Save.

Enter a display name and add a logo to customize your sign-in portal, then select <strong>Save</strong>

You’ll be automatically redirected to your Info page. Select Configuration to go back to setting up OneLogin.

Using your Kobiton SSO parameters from earlier, fill out the Application details, then select Save.

Application details window

Map parameters

Now that your IdP application is created, you’ll need to create OneLogin SSO parameters mapped to Kobiton. Go to Parameters to get started.

Go to Parameters tab on OneLogin

Select the blue + icon to open the parameter creation form.

Open Parameters creation form

Use the following information to create and map each parameter:

Parameter 1

  • Field name: email

  • Value: Email

  • Include in SAML assertion: ☑

  • Multi-value parameter: ☐

Parameter 2

  • Field name: firstName

  • Value: First Name

  • Include in SAML assertion: ☐

  • Multi-value parameter: ☐

Parameter 3

  • Field name: lastName

  • Value: Last Name

  • Include in SAML assertion: ☑

  • Multi-value parameter: ☐

Parameter 4

  • Field name: memberOf

  • Value: User Roles

  • Include in SAML assertion: ☑

  • Multi-value parameter: ☐

Parameter 5

  • Field name: phoneNumber

  • Value: Phone

  • Include in SAML assertion: ☑

  • Multi-value parameter: ☐

When your finished, your five custom parameters will be listed beneath SAML Test Connect (Advanced) Field:

Custom SSO Parameters

Get IdP parameters and download certificate

Next you’ll need to save a copy of your OneLogin parameters and download your X.509 certificate. Select SSO to get started.

Select SSO in SAML Test Connector

Copy the following values and save them to a note:

  • Issuer URL

  • SAML 2.0 Endpoint (HTTP)

  • SLO Endpoint (HTTP)

Next, select View Details.

Select View Details

Choose X.509 PEM from the dropdown, then select Download to download your X.509 certificate.

select <strong>Download</strong> to download your X.509 certificate

Add IdP parameters and certificate to Kobiton

Now, you’ll need to add your IdP parameters and certificate to your Kobiton organization. In your SSO Settings, scroll down to Set up at Kobiton side.

Scroll down to step Set up at Kobiton side

Add your IdP parameters and certificate to the following:

  • Identity provider issuer

  • Identity issuer URL

  • Identity provider sign in URL

  • Identity provider sign out URL

  • Identity provider certificate

    The Identity provider certificate must be a .pem file. If the certificate downloaded from the IdP has a different file extension (such as .cert), rename it to .pem before uploading.

Verify and save configuration

Important: Make sure you have created an account with the same email as the currently logged in Kobiton account and assign the new SAML application to that user on the IdP side before continuing.

Select Verify to test your SSO configuration.

The Verify button under Verify Configuration

The system will open a new browser tab to the SSO login page. In this new tab, logs in using the account that has the same email as the current Kobiton account.

If logged in successfully, go back to the previous browser tab with the SSO Settings opened.

Wait for a while for the SSO Settings page to automatically reload (do not force reload the page) and a success message displays like the below:

The success message under Verify Configuration

After receiving the success response, select Save to complete your SSO configuration.

After verifying and saving the configuration, you can turn on Enforce users to login to Kobiton only through SSO to force the users to log in only via SSO (optional).

When SSO login enforcement is turned on:

  • You can add existing users to be exempted from the SSO login enforcement by adding the username into the Choose users who are allowed to login without SSO field.

    The list of users that are exempted from the enforcement list when SSO enforcement is enabled

  • You also gain access to Specify Organization Access Restrictions with the ability to enable Pass role/team assignments to users in the SAML validations. Choose the method that’s best for your organization.

    The Specify Organization Access Restrictions step in SSO settings