Skip to main content

OneLogin and Nebula single sign-on configuration

Updated: 

The following instructions assist the Identity Provider administrator with the setup of single sign-on (SSO) for Nebula with Microsoft OneLogin. Nebula supports the SAML 2.0 authentication protocol.

Get started

  • The email address used for the Nebula account must match the email address used for OneLogin.
  • Log in to Nebula and go to Configure > Single Sign-on.
  • Log in to your OneLogin with administrator credentials.

Add a new application in OneLogin

  1. In the OneLogin portal, click ADD APP.
    DOC-2983-1.jpg

  2. In the Find Applications search bar, enter "SAML Test Connector (IdP) w/ attr w/ sign response".
    DOC-2983-2.png
  3. Assign a name to the application. For example: Nebula.DOC-2983-3.png

Setup OneLogin SAML Settings

  1. In the Nebula Single Sign-On page, copy the Assertion Consumer Service URL.
  2. In OneLogin, go to the Configuration tab.
  3. Paste in the previously copied Assertion Consumer Service URL into the SAML Consumer URL and ACS URL Validator fields.
  4. Leave the rest of the fields blank.
  5. Click the Parameters tab > Add parameter.
    DOC-2983-5.png
  6. Fill or check the following values:
    • Name: email
      Note: "email" must be entered in lowercase. 
    • Value: Email
    • Flags: Check Include in SAML assertion
      DOC-2983-6.png
  7. Click SAVE.
  8. On the Parameters tab, click SAVE to save the application configuration.
    DOC-2983-7.png

Upload OneLogin SSO XML file into Nebula

  1. Click MORE ACTIONS > SAML Metadata to download the OneLogin metadata XML file.
    DOC-2983-8.png
  2. Return to the Nebula > Configure > Single Sign-On page.
  3. Have a Nebula Super Admin perform one of the following:
    • Drag the OneLogin metadata XML file to the Upload New Metadata XML square.
      or
    • Click Choose a Different File to locate the metadata XML file path.

Enable SSO

  1. Once the metadata is uploaded, toggle on Enable SSO.
    • Toggle on Just-In-Time (JIT) Provisioning to automatically create Nebula users if they don't already exist when authenticating through OneLogin.
    • Toggle on Service Provider Initiated SSO if you will be accessing Nebula through a tile or button in OneLogin.
  2. Now the application can be assigned to your Nebula administrators in OneLogin.

Still have questions?

Support is available via chat, phone or by creating a ticket. You can also use our virtual assistant for guided assistance.

Learn more