Configuring OneLogin for Single Sign On (SSO)
Observe supports OneLogin as an Identity Provider (IdP) using Security Assertion Markup Language (SAML).
Note
Use of stem names instead of Observe Customer IDs is not supported at this time.
Configuring OneLogin
1. Log into the OneLogin portal as the admin and choose Applications > Applications > Add App.
2. In the Search field, enter saml test.
3. Choose SAML Test Connector (Advanced) and change the Display Name to Observe.
4. Add a description and click Save.
5. Verify the Display Name as Observe, and add the Observe icon by navigating to https://s3-us-west-2.amazonaws.com/observeinc.com/assets/saml-icon.png.
6. Change to the Configuration page and set the following values:
   ACS URL Validator - enter the URL https://${OBSERVE_CUSTOMER_ID}.observeinc.com/auth/saml2/callback.
   ACS URL - enter the URL https://${OBSERVE_CUSTOMER_ID}.observeinc.com/auth/saml2/callback.
   SAML initiator - enter Service Provider.
   SAML nameID format - enter Email.
   Name ID - enter Basic Information > Primary email.
   SAML signature element - enter Response.
Note
Observe does not support the values sessionNotOnOrAfter and SLO.
7. Navigate to the Parameters page and add the following parameters one at a time by clicking the +, then click Save after adding each value.
   Field Names - email, firstName, and lastName (case-sensitive!)
   Values - Email, First Name, and Last Name
8. Select Include in SAML assertion.
9. Copy the SAML 2.0 Endpoint (HTTP) URL.
Configuring Observe
1. Navigate to https://${OBSERVE_CUSTOMER_ID}.observeinc.com/settings/customer.
Figure 3 - Observe Settings
2. Paste the SAML 2.0 Endpoint (HTTP) URL into the Entry Point field.
3. On the OneLogin SSO page, click Details for the X.509 certificate. Copy the certificate details and paste them into the Cert field for Observe.
4. Click Add SAML Provider.
NOTE THE CERTIFICATE EXPIRATION DATE! If this is your first SAML app for OneLogin, the certificate is new and valid for five years from today. If you previously configured other SAML apps, the certificate may be an older one. Observe does not currently warn about the expiration date. When this certificate expires, your SAML integration stops functioning.
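Because Observe does not warn about expiration, the check can be run on your side against a saved copy of the certificate. The script below is an added example, not part of the Observe or OneLogin documentation; it assumes the certificate copied from OneLogin was saved in PEM form to a file (the name onelogin.pem and the 60-day default threshold are assumptions) and that the openssl command is installed.

```shell
#!/bin/sh
# Added example: report how close the OneLogin SAML signing certificate
# (the one pasted into the Observe Cert field) is to expiring.
# Usage: ./check_saml_cert.sh onelogin.pem [warn_days]

# cert_not_after FILE -> prints the certificate's notAfter date
cert_not_after() {
    openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# cert_status FILE [WARN_DAYS] -> prints exactly one of:
#   OK          valid for longer than WARN_DAYS
#   EXPIRING    still valid, but expires within WARN_DAYS
#   EXPIRED     notAfter is already in the past
#   UNREADABLE  file is missing or is not a PEM X.509 certificate
#   BAD_THRESHOLD  WARN_DAYS is not a non-negative integer
cert_status() {
    cert=$1
    warn_days=${2:-60}   # assumed default; pick what fits your rotation process
    case $warn_days in
        ''|*[!0-9]*) echo "BAD_THRESHOLD"; return 0 ;;
    esac
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo "UNREADABLE"; return 0
    fi
    # -checkend N exits non-zero when the cert expires within N seconds
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED"; return 0
    fi
    if ! openssl x509 -in "$cert" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING"; return 0
    fi
    echo "OK"
}

# Run only when a file argument is given, so the functions can be sourced.
if [ "$#" -gt 0 ]; then
    status=$(cert_status "$@")
    echo "$1: $status (notAfter: $(cert_not_after "$1" 2>/dev/null))"
    # Non-zero exit for anything but OK, so cron or CI can alert on it.
    [ "$status" = "OK" ]
fi
```

Scheduling this daily and alerting on a non-zero exit gives the advance warning needed to rotate the certificate in OneLogin and update the Cert field in Observe before the integration stops working.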