Configuring OneLogin for Single Sign On (SSO)

Observe supports OneLogin as an Identity Provider (IdP) using Security Authentication Markup Language (SAML).

Configuring OneLogin

  1. Log into the OneLogin portal as the admin and choose Applications > Applications > Add App.

  2. In the Search field, enter saml test.

  3. Choose SAML Test Connector (Advanced) and change the Display Name to Observe.

  4. Add a description and click Save.

  5. Verify the Display Name as Observe, and add the Observe icon by navigating to https://s3-us-west-2.amazonaws.com/observeinc.com/assets/saml-icon.png.

  6. Change to the Configuration page and set the following values:

    * **ACS URL Validator** - enter the URL `https://${CUSTOMER_ID}.observeinc.com/auth/saml2/callback`.
* **ACS URL** - enter the URL `https://${CUSTOMER_ID}.observeinc.com/auth/saml2/callback`.
* **SAML initiator** - enter `Service Provider`.
* **SAML nameID format** -  enter `Email`.
* **Name ID** - enter `Basic Information > Primary email`.
* **SAML signature element** - enter `Response`.

```{note}
Observe does not support the values `sessionNotOnOrAfter` and `SLO`.
```

    7. Navigate to the Parameters page and add the following parameters one at a time by clicking the +, and then Save after adding each value.

  • Field Names - email, firstName, and lastName (case-sensitive!)

  • Values - Email, First Name, and Last Name

8. Select the Include in SAML assertion.

9. Copy the SAML 2.0 Endpoint (HTTP) URL.

Configuring Observe

  1. Navigate to https://${CUSTOMER_ID}.observeinc.com/settings/customer.

Observe SAML settings

Figure 3 - Observe Settings

2. Paste the SAML 2.0 Endpoint (HTTP) URL into the Entry Point field.

3. On the OneLogin SSO page, click Details for the X.509 certificate. Copy the certificate details and paste them into the Cert field for Observe.

4. Click Add SAML Provider.

NOTE THE CERTIFICATE EXPIRATION DATE! If this is your first SAML app for OneLogin, the certificate is new and valid for five years from today. If you previously configured other SAML apps, the certificate may be an older one. Observe does not currently warn about the expiration date. When this certificate expires, your SAML integration stops functioning.