Product guides

Dashboard SSO - OneLogin

Suggest Edits

Dashboard SSO - OneLogin

By default, HUMAN uses standard authentication to grant all HUMAN Dashboard users a simple, secure login experience. However, if your organization uses single sign-on (SSO) to manage internal user accounts across multiple tools, you can configure your SSO platform to access the HUMAN Dashboard. This allows your users to log in to the HUMAN Dashboard with their SSO credentials and gives your organization greater control over user access and permissions.

This guide explains how to configure SSO access through OneLogin. We also offer an SSO integration with Okta.

Requirements

Before you begin, you must notify HUMAN that you want to enable OneLogin SSO access for your organization. A HUMAN representative will provide you with a set of unique identity credentials that you'll need to provide when you configure your OneLogin instance.

You'll also need a OneLogin account with Super User permissions.

Configure OneLogin

After you’ve obtained the required credentials from HUMAN, you can integrate your OneLogin instance with the HUMAN Dashboard. To configure OneLogin, complete the following steps:

  1. Sign in to your OneLogin portal, then navigate to Administration > Applications.
  2. Select Add App.

Add App

  1. On the Find Applications menu, search for “saml”; then choose SAML Custom Connector (Advanced) (SAML2.0).

Find SAML

  1. On the Configuration tab of the Add SAML Custom Connector (Advanced) menu, enter “HUMAN Security Dashboard” in the Display Name field. You can also upload an icon for your connector, but it's not required.
  2. Select Save.

Save Info

  1. On the Configurations tab of the SAML Test Connector (Advanced) menu, set the Audience (EntityID), Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL fields to the values that HUMAN provided you with.

  2. On the same tab, verify that each field is set to the following values:

    • SAML not valid before = 3
    • SAML not valid on or after = 3
    • SAML initiator = OneLogin
    • SAML nameID format = Email
    • SAML issuer type = Generic
    • SAML signature element = Both
    • Encrypt assertion = No (box unchecked)
    • SAML encryption method = AES-128-CBC
    • Send NameID Format in SLO Request = No (box unchecked)
    • Generate AttributeValue tag for empty values = No (box unchecked)
    • SAML sessionNotOnOrAfter = 1440
    • Sign SLO Request = No (box unchecked)
    • Sign SLO Response = No (box unchecked)

Configurations

  1. On the Parameters tab, set the Credentials are option to Configured by admin.

  2. On the same tab, create three custom parameters called email, firstName, and lastName. As you create each parameter, ensure that the Include in SAML assertion checkbox is selected. Then verify that each parameter is set to the following values:

    • NameID value = Email
    • email = Email
    • firstName = First Name
    • lastName = Last Name

  3. On the SSO tab, select SHA-256 from the SAML Signature Algorithm drop-down menu.

  4. Select Save.

Finalize

  1. After you’ve created your connector, navigate back to the SSO tab.
    The Issuer URL and SAML 2.0 Endpoint (HTTP) fields each contain a URL value.
  2. Send these two URLs to a HUMAN representative so we can finalize your OneLogin integration.

After this process is complete, you'll be able to manage your organization's SSO access to the HUMAN Dashboard.

Updated 6 days ago