Using OneLogin as your Identity Provider (IdP)
  • 26 Jan 2022
  • 3 Minutes To Read
  • Dark
    Light
  • PDF

Using OneLogin as your Identity Provider (IdP)

  • Dark
    Light
  • PDF

Article summary

Set up federated authentication with OneLogin

Federated Authentication (FA) enables organizations to manage the identities and the credentials of the users in a centralized way using identity providers (IdPs) such as OneLogin.

To set up FA with OneLogin:

  1. Sign in to OneLogin with an admin account and go to Apps.
  2. Create a new application by selecting ADD APP.
  3. Enter SAML Test Connector (IdP) in the Search box and then select SAML Test Connector (IdP).

SAML Test Connector (IdP)

  1. Go to the Info tab and enter a Display Name for the application.

Info tab with application name and icons

  1. Go to the Configuration tab and enter the required information.
  • Audience, Recipient and ACS (Consumer) URL should all be the URL that points to the login endpoint of Mambu (for example https://TENANT_NAME.mambu.com/saml/login).
  • Single Logout URL should be the URL that points to the logout endpoint of Mambu (such as https://TENANT_NAME.mambu.com/saml/logout).

Configuration tab with details filled in

  1. Go to the Parameters tab and select Add parameter.
  • Enter the Email, First Name, and Last Name. For NameID (previously Email) use Email.

Please Note

Be sure to select the Include in SAML assertion check box for all the parameters.

role id new field

  1. Go to the SSO tab, and the values will be prepopulated. Select Save. These values will be copied and pasted into the Federated Authentication tab in Mambu.

Please Note

Make sure you have at least one user created/migrated into your IdP and that user is assigned to the SAML app you created.

In Mambu:

  1. On the main menu, go to Administration > Access > Federated Authentication and select the Enable Sign Sign-On check box with the Manual Settings option selected as well.
  2. Enter the Name you would like to use for your IdP.
  3. Enter the Single Sign-On Endpoint, this will be the SAML 2.0 Endpoint (HTTP) from the SSO tab in OneLogin.
  4. On the SSO tab, get the certificate from One Login: select View Details under X.509 Certificate and then select Download.

Standard Strength Certificate in OneLogin

  1. Fill in the Certificate Fingerprint with the value of the following command (do not forget to use the correct certificate name / path):

    openssl x509 -noout -fingerprint -sha256 -inform pem -in [certificate-file.crt]
    
  2. On the SSO tab, in the Issuer ID box, enter the Issuer URL from OneLogin. The field ACS URL is optional, and can be empty. If filled is mapped with the value from the field - ACS (Consumer) URL from Configuration panel.
    Enable Single Sign-On using OneLogin

  3. Select Test SSO Connection and enter the username and password of your OneLogin account.

test sso connection

  1. If the setup was successful, select Save Changes.

Add and assign users

To add a new user:

  1. Sign in as an admin and go to Users, then select NEW USER.

  2. Add values for the required fields: First Name, Last Name, and so on.
    If the user already exists then, for Username and Email, enter the same values that exist in Mambu. Please take into consideration that the username and email should be unique.

  3. Select SAVE USER.

  4. From the user's profile, go to the Applications tab, then select the plus icon, select an application, and select Continue > Save.

  5. Optional: To change a user's password, go to MORE ACTIONS > select Change Password > enter a password > select Update.

  6. Go to the Mambu login page and sign in via IdP. If you are a new user then the Welcome page should be displayed; otherwise, you should be redirected to the Dashboard.

Add and assign roles

To add a new role:

  1. Sign in as an admin and go to Users > Roles, then select NEW ROLE.

create a new role in one login

  1. Select the role name and go to the Users tab.
  2. Enter the user name in the Check existing or add new users to this role section and select CHECK > select Add To Role.
Please be Aware

The role id from the IdP should be the same as the role name (not the role id) from Mambu.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Eddy AI, facilitating knowledge discovery through conversational intelligence