Dashboard SSO - OneLogin

Dashboard SSO - OneLogin

By default, HUMAN uses standard authentication to grant all Dashboard users a simple, secure login experience. However, if your organization uses single sign-on (SSO) to manage internal user accounts across multiple tools, you can configure your SSO platform to access the HUMAN Dashboard. This allows your users to log in to the HUMAN Dashboard with their SSO credentials and gives your organization greater control over user access and permissions.

This guide explains how to configure SSO access through OneLogin. We also offer an SSO integration with Okta.

Requirements

Before you begin, you must notify HUMAN that you’d like to enable OneLogin SSO access for your organization. A HUMAN representative will provide you with a set of unique identity credentials that you'll need to provide when you configure your OneLogin instance.

You'll also need a OneLogin account with Super User permissions.

Configure OneLogin

After you’ve obtained the required credentials from HUMAN, you can integrate your OneLogin instance with the HUMAN Dashboard. To configure OneLogin, complete the following steps:

  1. Sign in to your OneLogin portal, then navigate to Administration > Applications.
  2. Select Add App.

Add App

  1. From the Find Applications menu, search for “SAML”, then choose SAML Custom Connector (SAML2.0).

Find SAML

  1. From the Info tab of the SAML Custom Connector menu, enter “HUMAN Security Dashboard” in the Display Name field. You can also upload an icon for your connector, but an icon is not required.
  2. Select Save.

Save Info

  1. From the Configurations tab, set the Audience, Recipient, CS (Consumer) URL Validator, and ACS (Consumer) URL fields to the values that HUMAN provided you with.

  2. From the same tab, verify that each field is set to the following values:

    • SAML not valid before = 3
    • SAML not valid on or after = 3
    • SAML initiator = OneLogin
    • SAML nameID format = Email
    • SAML issuer type = Generic
    • SAML signature element = Both
    • Encrypt assertion = No (box unchecked)
    • SAML encryption method = AES-128-CBC
    • Send NameID Format in SLO Request = No (box unchecked)
    • Generate AttributeValue tag for empty values = No (box unchecked)
    • SAML sessionNotOnOrAfter = 1440
    • Sign SLO Request = No (box unchecked)
    • Sign SLO Response = No (box unchecked)

Configurations

  1. From the Parameters tab, set the Credentials are option to Configured by admin.

  2. In the same tab, create three custom parameters called email, firstName, and lastName. As you create each parameter, ensure that the Include in SAML assertion checkbox is selected. Then verify that each parameter is set to the following values:

    • NameID value = Email
    • email = Email
    • firstName = First Name
    • lastName = Last Name
  3. From the SSO tab, select SHA-256 from the SAML Signature Algorithm drop-down menu.

  4. Select Save to finalize your choices.

Finalize

  1. After you’ve created your connector, navigate back to the SSO tab. The Issuer URL and SAML 2.0 Endpoint (HTTP) fields will each contain a URL value. You must send these two URLs to a HUMAN representative so we can finalize your OneLogin integration.

You'll now be able to manage your organization's SSO access to the HUMAN Dashboard.