Configuring OneLogin for Single Sign On (SSO)

Observe supports OneLogin as an Identity Provider (IdP) using Security Authentication Markup Language (SAML).

Note

Use of stem names instead of Observe Customer IDs is not supported at this time.

Configuring OneLogin

  1. Log into the OneLogin portal as the admin and choose Applications > Applications > Add App.

  2. In the Search field, enter saml test.

  3. Choose SAML Test Connector (Advanced) and change the Display Name to Observe.

  4. Add a description and click Save.

  5. Verify the Display Name as Observe, and add the Observe icon by navigating to https://s3-us-west-2.amazonaws.com/observeinc.com/assets/saml-icon.png.

  6. Change to the Configuration page and set the following values:

  • ACS URL Validator - enter the URL https://${OBSERVE_CUSTOMER_ID}.observeinc.com/auth/saml2/callback.

  • ACS URL - enter the URL https://${OBSERVE_CUSTOMER_ID}.observeinc.com/auth/saml2/callback.

  • SAML initiator - enter Service Provider.

  • SAML nameID format - enter Email.

  • Name ID - enter Basic Information > Primary email.

  • SAML signature element - enter Response.

Note

Observe does not support the values sessionNotOnOrAfter and SLO.

  1. Navigate to the Parameters page and add the following parameters one at a time by clicking the +, and then Save after adding each value.

  • Field Names - email, firstName, and lastName (case-sensitive!)

  • Values - Email, First Name, and Last Name

8. Select the Include in SAML assertion.

9. Copy the SAML 2.0 Endpoint (HTTP) URL.

Configuring Observe

Note

We’re working on some new capabilities for SSO that we’re excited to share with you all. In the meantime, work with your Observe account team to enable and configure your SAML integration, via the steps below.

  1. Navigate to https://${OBSERVE_CUSTOMER_ID}.observeinc.com/settings/customer.

Observe SAML settings

Figure 3 - Observe Settings

2. Paste the SAML 2.0 Endpoint (HTTP) URL into the Entry Point field.

3. On the OneLogin SSO page, click Details for the X.509 certificate. Copy the certificate details and paste them into the Cert field for Observe.

4. Click Add SAML Provider.

NOTE THE CERTIFICATE EXPIRATION DATE! If this is your first SAML app for OneLogin, the certificate is new and valid for five years from today. If you previously configured other SAML apps, the certificate may be an older one. Observe does not currently warn about the expiration date. When this certificate expires, your SAML integration stops functioning.