The following article assists Identity Provider (IDP) Administrators with configuring single sign-on (SSO) for OneView with OneLogin. OneView only supports the SAML 2.0 authentication protocol. For more information, see Configure single sign-on with OneView.
Add a new application in OneLogin
- In the OneLogin portal, click ADD APP.
- In the Find Applications search bar, enter "SAML Test Connector (IdP) w/ attr w/ sign response".
- Assign a name to the application.
Configure attributes
- In the OneView Single Sign-On page, copy the Assertion Consumer Service URL.
- In OneLogin, go to the Configuration tab.
- Paste the previously copied Assertion Consumer Service URL into the SAML Consumer URL and ACS URL Validator fields.
- Leave the rest of the fields blank.
- Click the Parameters tab > Add parameter.
- Fill or check the following values:
  - Name: email
    Note: "email" must be entered in lowercase.
  - Value: Email
  - Flags: Check Include in SAML assertion
- Click SAVE.
- On the Parameters tab, click SAVE to save the application configuration.
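To confirm that the parameter configured above reaches the service provider as intended, the following added example (not OneView or OneLogin code) decodes a base64 SAMLResponse captured during a test login and checks that the assertion carries an attribute named exactly "email", flagging names that differ only by case. The function name, result keys and sample responses are constructed for illustration; the check looks only for the presence of a signature element and does not validate it.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def check_saml_response(b64_response: str) -> dict:
    """Presence checks on a base64 SAMLResponse; does NOT verify the signature."""
    # stdlib ElementTree does not fetch external entities; for responses from
    # untrusted sources prefer a hardened parser such as defusedxml.
    root = ET.fromstring(base64.b64decode(b64_response))
    attrs = {}
    path = ".//saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in root.findall(path, NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    # Attribute names that differ from "email" only by case (e.g. "Email")
    near_misses = [n for n in attrs if n != "email" and n.lower() == "email"]
    return {
        "has_email": bool(attrs.get("email")) and all(attrs["email"]),
        "email_values": attrs.get("email", []),
        "wrong_case_names": near_misses,
        "response_signed": root.find("ds:Signature", NS) is not None,
    }

def _sample(attr_name: str, signed: bool) -> str:
    """Build a constructed, stripped-down response (not schema-complete)."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'{sig}<saml:Assertion><saml:AttributeStatement>'
        f'<saml:Attribute Name="{attr_name}">'
        '<saml:AttributeValue>admin@example.com</saml:AttributeValue>'
        '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

GOOD = _sample("email", signed=True)    # constructed: matches the steps above
BAD = _sample("Email", signed=False)    # constructed: wrong case, unsigned

if __name__ == "__main__":
    print(check_saml_response(GOOD))
    print(check_saml_response(BAD))
```
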
Link OneLogin metadata with OneView
Use one of the following methods to connect the metadata with OneView:
Metadata URL
- Copy the OneLogin App Federation Metadata Url.
- In the OneView Single Sign-On page, paste the Metadata URL under Identity Provider (IDP) Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.
Metadata XML
- Download the OneLogin Federation Metadata XML file.
- In the OneView Single Sign-On page, choose Metadata XML.
- Drag the .xml file or click Or Select A File to upload the IDP Metadata.
- Set Enable Single Sign-On (SSO) to ON.
- In the top right, click Save.
Test and Enable SSO
- Once the metadata is uploaded, toggle on Enable SSO.
- Toggle on Just-In-Time (JIT) Provisioning to automatically create OneView users if they don't already exist when authenticating through OneLogin.
- Toggle on Service Provider Initiated SSO if you will be accessing OneView through a tile or button in OneLogin.
- Now the application can be assigned to your OneView administrators in OneLogin.