- 26 Jan 2022
Using OneLogin as your Identity Provider (IdP)
Set up federated authentication with OneLogin
Federated Authentication (FA) enables organizations to manage the identities and the credentials of the users in a centralized way using identity providers (IdPs) such as OneLogin.
To set up FA with OneLogin:
- Sign in to OneLogin with an admin account and go to Apps.
- Create a new application by selecting ADD APP.
- Enter SAML Test Connector (IdP) in the Search box and then select SAML Test Connector (IdP).
- Go to the Info tab and enter a Display Name for the application.
- Go to the Configuration tab and enter the required information.
  - Audience, Recipient and ACS (Consumer) URL should all be the URL that points to the login endpoint of Mambu (for example https://TENANT_NAME.mambu.com/saml/login).
  - Single Logout URL should be the URL that points to the logout endpoint of Mambu (such as https://TENANT_NAME.mambu.com/saml/logout).
- Go to the Parameters tab and select Add parameter.
- Enter the Email, First Name, and Last Name. For NameID (previously Email) use Email.
Be sure to select the Include in SAML assertion check box for all the parameters.
- Go to the SSO tab, and the values will be prepopulated. Select Save. These values will be copied and pasted into the Federated Authentication tab in Mambu.
Make sure you have at least one user created/migrated into your IdP and that user is assigned to the SAML app you created.
In Mambu:
- On the main menu, go to Administration > Access > Federated Authentication and select the Enable Single Sign-On check box with the Manual Settings option selected as well.
- Enter the Name you would like to use for your IdP.
- Enter the Single Sign-On Endpoint; this will be the SAML 2.0 Endpoint (HTTP) from the SSO tab in OneLogin.
- On the SSO tab, get the certificate from OneLogin: select View Details under X.509 Certificate and then select Download.
- Fill in the Certificate Fingerprint with the value of the following command (do not forget to use the correct certificate name / path):
  openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt]
- On the SSO tab, in the Issuer ID box, enter the Issuer URL from OneLogin. The ACS URL field is optional and can be empty. If filled, it is mapped to the value of the ACS (Consumer) URL field from the Configuration panel.
- Select Test SSO Connection and enter the username and password of your OneLogin account.
- If the setup was successful, select Save Changes.
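A cross-check for the Certificate Fingerprint step above, as an added example that is not part of the original page or of Mambu's or OneLogin's tooling: it recomputes in Python the SHA-256 fingerprint that the openssl command prints and compares it with the value entered in Mambu. The function names and the sample PEM (constructed placeholder bytes, not a real certificate) are assumptions; the page does not say whether the Mambu field is sensitive to colons or letter case, so the comparison ignores both.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: the body is base64 of the bytes b"abc", NOT a real
# certificate. Use the text of the file downloaded from the IdP instead.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
)

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def pem_sha256_fingerprint(pem_text: str) -> str:
    """SHA-256 over the DER bytes of the single certificate in pem_text, as
    colon-separated uppercase hex (the form `openssl x509 -fingerprint` prints)."""
    blocks = _PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        # A bundle, an empty file or a DER file would make the pin ambiguous.
        raise ValueError(f"expected one PEM certificate, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Drop an optional 'sha256 Fingerprint=' prefix, colons, spaces and case."""
    value = fingerprint.split("=", 1)[-1]
    return re.sub(r"[:\s]", "", value).lower()


def fingerprint_matches(pem_text: str, configured: str) -> bool:
    """True only if `configured` is the full SHA-256 fingerprint of the cert."""
    expected = normalize(pem_sha256_fingerprint(pem_text))
    candidate = normalize(configured)
    # Exactly 64 hex characters: rejects a SHA-1 value (40 characters), which
    # is what openssl prints when the -sha256 option is left out.
    if not re.fullmatch(r"[0-9a-f]{64}", candidate):
        return False
    return hmac.compare_digest(expected, candidate)
```

Read the downloaded certificate file as text and pass it with the value pasted into the Certificate Fingerprint field to `fingerprint_matches`; a `False` result before saving usually means the wrong file or the wrong digest algorithm was used.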
Add and assign users
To add a new user:
- Sign in as an admin and go to Users, then select NEW USER.
- Add values for the required fields: First Name, Last Name, and so on.
- If the user already exists, then for Username and Email enter the same values that exist in Mambu. Please take into consideration that the username and email should be unique. Select SAVE USER.
- From the user's profile, go to the Applications tab, then select the plus icon, select an application, and select Continue > Save.
- Optional: To change a user's password, go to MORE ACTIONS > select Change Password > enter a password > select Update.
- Go to the Mambu login page and sign in via IdP. If you are a new user then the Welcome page should be displayed; otherwise, you should be redirected to the Dashboard.
Add and assign roles
To add a new role:
- Sign in as an admin and go to Users > Roles, then select NEW ROLE.
- Select the role name and go to the Users tab.
- Enter the user name in the Check existing or add new users to this role section and select CHECK > select Add To Role.
The role id from the IdP should be the same as the role name (not the role id) from Mambu.