Home
User Guides
Start typing to search…
  1. Manage Observe
  2. Manage users and access
  3. Configure single sign-on

Configure OneLogin for SSO

Observe supports OneLogin as an Identity Provider (IdP) using Security Authentication Markup Language (SAML).

📘

Note

Use of stem names instead of Observe Customer IDs is not supported at this time.

Configure OneLogin

  1. Log into the OneLogin portal as the admin and choose Applications > Applications > Add App.
  2. In the Search field, enter saml test.
  3. Choose SAML Test Connector (Advanced) and change the Display Name to Observe.
  4. Add a description and click Save.
  5. Verify the Display Name as Observe, and add the Observe icon by navigating to https://s3-us-west-2.amazonaws.com/observeinc.com/assets/saml-icon.png.
  6. Change to the Configuration page and set the following values. Replace ${OBSERVE_CUSTOMER_ID} with your Observe tenant ID, and ${REGION_URL} with the appropriate URL for your deployment region. See Observe deployment regions.
  • ACS URL Validator - enter the URL https://${OBSERVE_CUSTOMER_ID}.${REGION_URL}/auth/saml2/callback.
  • ACS URL - enter the URL https://${OBSERVE_CUSTOMER_ID}.${REGION_URL}/auth/saml2/callback.
  • SAML initiator - enter Service Provider.
  • SAML nameID format - enter Email.
  • Name ID - enter Basic Information > Primary email.
  • SAML signature element - enter Response.
📘

Note

Observe does not support the values sessionNotOnOrAfter and SLO.

  1. Navigate to the Parameters page and add the following parameters one at a time by clicking the +, and then Save after adding each value.
  • Field Names - email, firstName, and lastName (case-sensitive!)
  • Values - Email, First Name, and Last Name
  1. Select the Include in SAML assertion.
  2. Copy the SAML 2.0 Endpoint (HTTP) URL.

Configure Observe

Perform the following steps to configure Observe for Microsoft Entra ID SSO:

  1. In the left navigation rail, hover on your user name, then select Manage account.
  2. Click Customer settings.
  3. Click Add SAML.
  1. Paste the SAML 2.0 Endpoint (HTTP) URL into the Entry Point field.
  2. On the OneLogin SSO page, click Details for the X.509 certificate. Copy the certificate details and paste them into the Cert field for Observe.
  3. Click Add SAML Provider.
📘

Note

NOTE THE CERTIFICATE EXPIRATION DATE! If this is your first SAML app for OneLogin, the certificate is new and valid for five years from today. If you previously configured other SAML apps, the certificate may be an older one. Observe does not currently warn about the expiration date. When this certificate expires, your SAML integration stops functioning.

Updated 8 days ago