Configuring SAML 2.0 with OneLogin
The OneLogin platform is an access management system that uses single sign-on (SSO) and a cloud directory to enable organizations to manage user access to on-premises and cloud applications. It is a tool to help empower employees, customers and partners with secure access to your cloud and company apps on all devices.
Basically, it gives a layer of security and access to manage business applications. Instead of having to remember multiple passwords, URL, and what apps you have access to, you are directed to an easy application catalog that will list your apps and can provide single sign-on.
Here is how users can configure SAML in BrainCert with OneLogin.
Step 1: Login to your OneLogin account
Login to your OneLogin account. Click on the Application menu and select Applications.
Step 2: Select SAML Test Connector
Click on Add App ** and search for **SAML Test Connector and select the app.
Step 3: Create a New SAML Application
Create new SAML Application and provide the display name and click Save
Step 4: Configure OneLogin
To configure OneLogin with details from your BrainCert SSO dashboard, enter all the service provider details from the BrainCert LMS SSO dashboard to the OneLogin (IdP) Configuration Dashboard.
Copy Audience(Entity ID), Recipient, ACS (consumer) URL Validator, ACS(Consumer) URL and Single Logout URL and paste it in the corresponding fields in OneLogin (IdP). Leave the remaining field blank.
Step 5: Add the Identity Provider Details From OneLogin
To add the identity provider details from OneLogin to BrainCert SAML dashboard, go to the SSO tab *on the OneLogin menu and copy the the *Issuer URL, the SAML 2.0 Endpoint, and the SLO Endpoint *and paste it in BrainCert *Identity Provider Details field.
Click on View Details below the X.509 certificate field and it will redirect you to the certificate page. Copy the X.509 Certificate and paste in the LMS Dashboard
Paste the Issuer URL from OneLogin at the Entity Id on BrainCert. SAML 2.0 Endpoint *in *SSO Service Url field, SLO Endpoint *in *SSO Logout Service URL, and also paste the X.509 Certificate . Once this is done, save the settings.
Step 6: Profile Field Mapping
Now add the parameter Group to map BrainCert to OneLogin. Click the parameter tab on the OneLogin dashboard and add the attributes email, First Name, Last Name and Username as given in the LMS Profile Field Mapping.
Select the parameters tab on the OneLogin dashboard and click Add Attributes
Enter the attributes and select the checkbox “Include in SAML Assertion” and click save
Step 7: Group Mapping
Click on the Group Mapping in the LMS and select the default group and roles from the drop down menu. Note that users will automatically be registered in these groups at their first login. They will also be enrolled in all the courses/test assigned to that group.
Save all the settings and check your configuration. Once you have double checked the configuration, open the LMS SSO identity providers and click on Connect.
Congrats, you have successfully configured SAML with OneLogin.