OneLogin SAML

Configure OneLogin SAML

Pre-condition before the SAML Configuration

Please make sure to add verified domains before configuring SAML.

To enable clients to log in through OneLogin in Zluri, you must create Zluri as a SAML app and add an Email parameter. Here are step-by-step instructions to follow:

  1. Log in to your OneLogin account and navigate to the SAML app configuration.

  2. Locate the Zluri SAML app and click on it. If the Zluri SAML App is unavailable in the Apps Catalog of OneLogin, you can contact the support team or create a custom app for Zluri SAML.

  3. To create a Custom app:
    A. Navigate to Applications > Applications > Add Apps in the OneLogin administrator dashboard. Search for SAML Custom Connector (Advanced) and select the first result from the search results.

    B. Rename the "Display Name", add the "Icons" and "Description" in the fields that follow, and click Save.

  4. Look for the "Parameters" section and click on it.

  5. Click the plus icon or the "Add Parameter" button to add a new parameter.

  6. In the "Field Name" section, enter the following URL:
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    This value represents the email address field in the SAML assertion.

  7. Check the "Include in SAML assertion" box for this parameter.

  8. Click "Save" to save the new parameter.

  9. Find the newly created parameter in the list and click on it.

  10. Set the Value = email 
    This value tells the SAML app to include the email address in the SAML assertion.

  11. Click "Save" to save the parameter with the assigned value.

The application will now appear in the applications.
Then click 'Test connection' to try logging in with your OneLogin credentials. If you can log in successfully, the configuration works. The next time any user in your organization tries to log in, they will be redirected to the OneLogin login page.
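
If 'Test connection' fails, one way to confirm that the parameter from steps 6 to 10 actually reaches the assertion is to inspect a decoded assertion. The following is an added example, not Zluri's or OneLogin's code. The sample assertion is constructed, the function names are hypothetical, and it assumes the assertion is already base64-decoded, that its signature is validated elsewhere, and that the email's domain should be one of your verified domains.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Field Name entered in step 6 of the parameter setup.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Constructed sample assertion (unsigned, trimmed); not captured from a real tenant.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def email_claims(assertion_xml):
    """Return every value of the email claim found in the assertion."""
    # SAML never needs a DTD; refuse one instead of letting the parser expand entities.
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        raise ValueError("DTD/entity declarations are not allowed in SAML XML")
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        if attr.get("Name") == EMAIL_CLAIM:
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                values.append((value.text or "").strip())
    return values


def check_email_claim(assertion_xml, verified_domains):
    """Return (ok, detail): the email on success, the likely misconfiguration otherwise."""
    values = email_claims(assertion_xml)
    if not values:
        return False, "email claim missing: check 'Include in SAML assertion'"
    if len(values) > 1:
        return False, "more than one email value: ambiguous identity"
    local, sep, domain = values[0].rpartition("@")
    if not sep or not local or not domain:
        return False, "value is not an email address: check Value = email"
    # Assumption: logins are expected only for domains verified before SAML setup.
    if domain.lower() not in {d.lower() for d in verified_domains}:
        return False, "domain %r is not a verified domain" % domain
    return True, values[0]


if __name__ == "__main__":
    print(check_email_claim(SAMPLE_ASSERTION, ["example.com"]))
```

This only checks the shape of the claim. It does not replace signature, audience, or validity-window checks on the assertion.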

If you have already configured SAML, please check this link to understand how you can rotate the SAML certificate in Zluri.

Editing an existing SAML setup

Rotate SAML certificates

X.509 certificates have a defined lifetime (e.g., in Google Workspace, it has a validity of 5 years). You should rotate a certificate if it's about to expire or if it becomes compromised.

If a certificate expires before you rotate it, your users won’t be able to use SSO to sign in to any SAML applications that use that certificate until you replace it with a new certificate.

To rotate the certificate:

  1. Open the SAML app in your SSO, navigate to the certificate page, and recreate it.

  2. Once you get the new certificate, please upload it to the Zluri platform.

Save the connection, and you can continue to use the SAML connection as configured.

Add/remove SAML domains

To add or remove SAML domains, go to SSO Settings, select/deselect the domains that you want to configure for SAML, then click Save.