PrivaceraCloud Documentation

Preview: OneLogin setup for SAML-SSO

The PrivaceraCloud portal supports single sign-on over SAML with OneLogin as the identity provider. To integrate the two, first create and configure a SAML application in OneLogin, then enter that application's details in the PrivaceraCloud portal.

Configure SAML in OneLogin

The following steps describe how to create and configure a SAML application in OneLogin:

  1. Go to https://{company-name}.onelogin.com/

  2. Log in to your OneLogin account with Username and Password.

  3. In the top menu bar, click Applications, and then select Applications.

  4. Click the Add App button.

  5. Search for SAML, and then select SAML Custom Connector (Advanced) from the list.

  6. In the Display Name text box, enter a display name (for example, Privacera Portal SAML), and then click Save.

  7. In the left navigation, click Configuration, and enter the following details in the fields:

    • Audience (EntityID): privacera-portal

    • Recipient: https://{yourhostname.com}/SingleSignOnService/receiveResponse

    • ACS (Consumer) URL Validator: a regular expression that matches only the ACS (Consumer) URL below, for example ^https:\/\/{yourhostname.com}\/SingleSignOnService\/receiveResponse$ (escape the dots in your hostname as in Example 4)

      Note

      OneLogin validates the ACS URL supplied in the incoming SAML request against this regular expression. If the URL matches, OneLogin sends the SAML response to that URL.

      If it does not match, OneLogin logs a warning event and sends the response to the configured ACS (Consumer) URL value instead.

      A wildcard pattern such as https://{yourhostname.com}/* is not a safe validator: it has no anchors and its unescaped dots match any character, so it also accepts a URL that merely contains something resembling your hostname, such as a lookalike domain or a query parameter on another site.

      Example 4.

      Consider the ACS (Consumer) URL https://serviceprovider.com/saml/consume/

      A secure ACS (Consumer) URL Validator regular expression is ^https:\/\/serviceprovider\.com\/saml\/consume\/$

      ^ and $ are essential anchors in the regular expression.



    • ACS (Consumer) URL: https://{yourhostname.com}/SingleSignOnService/receiveResponse

    • Single Logout URL: https://{yourhostname.com}/logout

  8. Click Save.

  9. In the left navigation, click Parameters, and then click the + icon.

  10. Add the following attribute mapping:

    • UserID: Username

      Note

      The UserID attribute is treated as the username in the portal. If users log in to OneLogin with a plain username, no further handling is needed. If the login ID is an email address, the portal strips the domain to obtain the username: john.joe@company.com becomes john.joe. If a different OneLogin attribute should serve as the username, map UserID to that attribute instead.

    • Select the Include in SAML assertion checkbox.

      You can also add the following attribute mappings:

      • EmailAddress: Email

      • FirstName: FirstName

      • LastName: LastName

    • Click Save.

  11. In the top right corner, go to the More Actions drop-down list, and select SAML Metadata.

    This downloads the XML metadata file (onelogin_metadata_{id}.xml). You will use this file when configuring SAML in PrivaceraCloud.
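To make two points from the procedure above concrete, here is an added example in Python (not Privacera's or OneLogin's code). It first checks candidate ACS URLs against a wildcard validator of the form https://{yourhostname.com}/* and against an anchored validator built the way Example 4 recommends, showing which lookalike URLs the wildcard form lets through. It then parses a SAML response carrying the attributes configured in step 10, checks the Destination and Audience against the portal's ACS URL and Entity Id, and derives the portal username by stripping the email domain as the step 10 note describes. The hostname portal.example.com, the OneLogin issuer value and the sample response are constructed assumptions; signature verification, which the portal performs on real responses, is not shown.

```python
import re
import xml.etree.ElementTree as ET

# Assumed portal hostname; substitute your own.
ACS_URL = "https://portal.example.com/SingleSignOnService/receiveResponse"

# Wildcard validator of the form https://{yourhostname.com}/*. As a regular
# expression it has no anchors, its dots match any character, and "/*" means
# "zero or more slashes", so it matches any string that merely contains
# something resembling the hostname.
LOOSE_VALIDATOR = r"https://portal.example.com/*"

# Anchored validator built the way Example 4 recommends: the literal ACS URL
# with regex metacharacters escaped and both ends pinned with ^ and $.
STRICT_VALIDATOR = "^" + re.escape(ACS_URL) + "$"


def acs_url_allowed(validator: str, candidate: str) -> bool:
    """True if the candidate ACS URL satisfies the validator regex.

    re.search is used deliberately: an unanchored pattern is satisfied by a
    match anywhere in the string, which is exactly the weakness being shown.
    """
    return re.search(validator, candidate) is not None


SAML_NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response carrying the attributes from step 10. It is not
# a real OneLogin capture: the issuer is a placeholder and the XML signature
# is omitted.
SAMPLE_RESPONSE = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://portal.example.com/SingleSignOnService/receiveResponse">
  <saml:Issuer>https://app.onelogin.com/saml/metadata/example-app-id</saml:Issuer>
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">john.joe@company.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>privacera-portal</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="UserID"><saml:AttributeValue>john.joe@company.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="EmailAddress"><saml:AttributeValue>john.joe@company.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="FirstName"><saml:AttributeValue>John</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="LastName"><saml:AttributeValue>Joe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""


def username_from_userid(value: str) -> str:
    """Apply the rule from the step 10 note: if UserID carries an email
    address, keep only the local part; otherwise use the value unchanged."""
    local, at, _domain = value.partition("@")
    return local if at else value


def parse_response(xml_text: str, expected_audience: str, expected_acs: str) -> dict:
    """Check Destination and Audience, then map the attributes to portal fields.

    This is the attribute-handling half of what a service provider does; the
    XML signature check that must precede it is not part of this example.
    """
    root = ET.fromstring(xml_text)
    if root.get("Destination") != expected_acs:
        raise ValueError("Destination does not match the ACS (Consumer) URL")
    audience = root.findtext(
        ".//saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=SAML_NS)
    if audience != expected_audience:
        raise ValueError("Audience does not match the portal Entity Id")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        attrs[attr.get("Name")] = attr.findtext("saml:AttributeValue", namespaces=SAML_NS)
    if "UserID" not in attrs:
        raise ValueError("UserID attribute missing from the assertion")
    return {
        "username": username_from_userid(attrs["UserID"]),
        "email": attrs.get("EmailAddress"),
        "first_name": attrs.get("FirstName"),
        "last_name": attrs.get("LastName"),
    }


if __name__ == "__main__":
    for url in (ACS_URL,
                "https://portal.example.com.attacker.net/SingleSignOnService/receiveResponse",
                "https://attacker.net/?next=https://portal.example.com/"):
        print(f"{url}\n  wildcard: {acs_url_allowed(LOOSE_VALIDATOR, url)}"
              f"  anchored: {acs_url_allowed(STRICT_VALIDATOR, url)}")
    print(parse_response(SAMPLE_RESPONSE, "privacera-portal", ACS_URL))
```

The wildcard validator accepts both lookalike URLs, and because OneLogin sends the response to a URL that passes validation, a user who follows a crafted authentication request would have their assertion delivered there. The anchored validator accepts only the exact ACS URL, which is why the Example 4 note calls ^ and $ essential.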

Configure SAML in the PrivaceraCloud portal

  1. On the left navigation, go to Settings > Identity.

  2. Click the Single Sign On section.

    The Single Sign On section expands to show its fields.

  3. Enter the Application Properties details.

    The following table maps the fields in PrivaceraCloud to the fields of the SAML app in the OneLogin account:

    Table 38. PrivaceraCloud and OneLogin fields

    Entity Id
      OneLogin field: Entity ID
      Value: privacera-portal
      Description: Use the same value that you entered as Audience (EntityID) when configuring OneLogin. This is the audience of the assertion, not the OneLogin issuer entityID that appears in the metadata file.

    Identity Provider Url
      OneLogin field: SAML 2.0 Endpoint (HTTP)
      Value: URL
      Description: Copy this URL from OneLogin SAML Application > SSO > SAML 2.0 Endpoint (HTTP).

    Identity Provider Metadata
      OneLogin field: SAML Metadata
      Value: XML file
      Description: Upload the file downloaded from OneLogin > Applications > More Actions > SAML Metadata (onelogin_metadata_{id}.xml).

    Username Attribute
      OneLogin field: UserID
      Value: Username
      Description: Use the same name as configured for UserID under Parameters in OneLogin.

    Email Attribute
      OneLogin field: EmailAddress
      Value: Email
      Description: Use the same name as configured for EmailAddress under Parameters in OneLogin. If usernames and email addresses in your OneLogin account are identical, you can use the username attribute here instead.

    FirstName Attribute
      OneLogin field: FirstName
      Value: FirstName
      Description: Use the same name as configured for FirstName under Parameters in OneLogin.

    LastName Attribute
      OneLogin field: LastName
      Value: LastName
      Description: Use the same name as configured for LastName under Parameters in OneLogin.



  4. Click Save.
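As an added example (not Privacera's or OneLogin's code), the following Python reads an identity-provider metadata file of the kind downloaded from OneLogin and pulls out the values the table above asks for: the OneLogin issuer entityID, the HTTP-Redirect single sign-on endpoint (the URL OneLogin's SSO tab labels SAML 2.0 Endpoint (HTTP)), the single logout endpoint and a SHA-256 fingerprint of the signing certificate, which is useful for confirming that the file you uploaded is the one OneLogin currently serves. It also rejects a file that carries only service-provider metadata, such as the portal's own. The embedded metadata is a constructed sample with a placeholder subdomain, app id and certificate bytes, not a real download.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD_NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:SAML:2.0:bindings:HTTP-POST"

# Placeholder certificate body: base64 of arbitrary bytes, not an X.509
# certificate. A real file carries a DER-encoded certificate here.
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a certificate").decode()

# Constructed sample shaped like an onelogin_metadata_{id}.xml download; the
# subdomain example-company and the app id 123456 are assumptions.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.onelogin.com/saml/metadata/example-app-id">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-company.onelogin.com/trust/saml2/http-redirect/slo/123456"/>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-company.onelogin.com/trust/saml2/http-redirect/sso/123456"/>
    <SingleSignOnService Binding="urn:oasis:names:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-company.onelogin.com/trust/saml2/http-post/sso/123456"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def idp_settings(metadata_xml: str) -> dict:
    """Extract the IdP-side values needed for the PrivaceraCloud SSO form."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    if idp is None:
        # A file with only an SPSSODescriptor is service-provider metadata
        # and cannot be used as Identity Provider Metadata.
        raise ValueError("metadata has no IDPSSODescriptor")

    def location(element: str, binding: str):
        for svc in idp.iterfind("md:" + element, MD_NS):
            if svc.get("Binding") == binding:
                return svc.get("Location")
        return None

    fingerprints = []
    for kd in idp.iterfind("md:KeyDescriptor", MD_NS):
        # A KeyDescriptor without "use" is valid for both signing and encryption.
        if kd.get("use") not in (None, "signing"):
            continue
        b64 = kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=MD_NS)
        if b64:
            der = base64.b64decode("".join(b64.split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        raise ValueError("no signing certificate in metadata")

    return {
        "idp_entity_id": root.get("entityID"),
        "sso_redirect_url": location("SingleSignOnService", HTTP_REDIRECT),
        "sso_post_url": location("SingleSignOnService", HTTP_POST),
        "slo_redirect_url": location("SingleLogoutService", HTTP_REDIRECT),
        "signing_cert_sha256": fingerprints,
    }


if __name__ == "__main__":
    for key, value in idp_settings(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

Run it against the real onelogin_metadata_{id}.xml by passing the file contents to idp_settings; the sso_redirect_url should equal the value you entered as Identity Provider Url, and the idp_entity_id should differ from the portal's Entity Id (privacera-portal), since one names the issuer and the other the audience.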