1. SPOTIO
  2. Integrations
  3. Integrations

Integrations

Search

SAML/SCIM Integration with OneLogin

Brandy Billiot
Brandy Billiot
  • Updated

SAML Integration with OneLogin

  1. Login as admin into Spotio and go to page:
    Settings -> Integrations -> SINGLE SIGN-ON (SSO)
  2. Login as admin into OneLogin and go to page
    Administration -> Applications
  3. Add new application (Add app): 
    1. Choose application: SCIM Provisioner with SAML (SCIM v2 Core)
    2. Set display name: SPOTIO
    3. Upload SPOTIO logo
    4. Click Save
  4. Now you should see configuration for saved application

  1. Next step is SAML configuration:
    1. In Spotio go to SSO settings
    2. In OneLogin go to Configuration section of new application
    3. Set Audience with value: Spotio and copy it to OneLogin
    4. Copy ACS (CONSUMER) URL from Spotio to OneLogin

  1. In OneLogin go to SSO section
  2. Copy Issuer URL from OneLogin to Spotio ISSUER URL (METADATA XML)
  3. Copy X.509 Certificate from OneLogin to Spotio
    1. Go to details in OneLogin and copy certificate

  1. Save configuration in Spotio and OneLogin
  2. SAML Authentication is configured next step is SCIM configuration.

 

SCIM Integration with OneLogin

  1. Go to Spotio SSO Settings.
  2. Set SCIM enabled.
  3. Click Generate Token.

  1. Go to OneLogin Administration -> Application -> Edit Spotio application.
  2. Go to the Configuration section.
  3. Copy SCIM Bearer Token from Spotio to OneLogin.
  4. Copy SCIM Base URL from Spotio to OneLogin.

  1. Set SCIM JSON Template in OneLogin to define mapping between SCIM model and OneLogin fields. Below there is a Spotio minimal required template that you can extend or modify if you need:

{

  "schemas": [

    "urn:scim:schemas:core:2.0"

  ],

  "userName": "{$parameters.scimusername}",

  "name": {

    "familyName": "{$user.lastname}",

    "givenName": "{$user.firstname}",

    "formatted": "{$user.display_name}"

  },

  "emails": [{

    "value": "{$user.email}",

    "type": "work",

    "primary": true

  }],

  "title": "{$parameters.title}",

  "phoneNumbers":[

    {

      "value":"{$user.phone}",

      "type":"work"

    }

  ]

}

  1. Go to the Provisioning section in OneLogin.
    1. Set Enable provisioning.
    2. In the entitlements section click Refresh to load Spotio groups.

  1. Go to the Parameters section in OneLogin.
    1. Edit field Groups and check Include in User Provisioning flag.

  1. In Spotio we have 3 types of roles (Sales, Manager, Admin). By default users will be provisioned with role Sales. If you want to provision the users also to other roles you have to first define groups in OneLogin that will be mapped to Spotio roles and then define the rules. Go to Rules section in OneLogin
    1. In this section we have to configure mapping for each Spotio role to group in OneLogin.
    2. Add rule Sales with ConditionGroups is” and choose the group that you want to map to the Sales role in Spotio. In Actions choose Set Groups in…, From Existing option and select Sales in Select Groups dropdown. Click Add and Save.
    3. Similarly add rules for Manager and Admin roles.

  1. Go to Access section in OneLogin and select the roles that will have access to the Spotio application

  1. Assign the users that you want to provision into the Spotio application to the role that you choose in the previous step. After that OneLogin will automatically provision users into Spotio and they will be visible in Users section with their current provisioning status

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.