This article describes how to configure OneLogin for use as an identity provider for Perimeter 81.
- Configuring OneLogin
- Configuring Perimeter 81
- Access Error troubleshooting
Please follow the steps below:
Configuring OneLogin
- Log in to your OneLogin account. If you don't already have one, you will need to create one.
- Select Apps and then Add Apps.
- Search for saml, and select SAML Test Connector (IdP w/attr).
- Change the Display Name to Perimeter 81. Select Save.
- Go to the SSO tab, and copy the values for SAML 2.0 Endpoint (HTTP) and SLO Endpoint (HTTP).
- Select the View Details link at the X.509 Certificate field.
- Download the X.509 certificate onelogin.pem.
- Go back to the Configuration tab.
- Enter the following values into the appropriate fields:
Audience: urn:auth0:perimeter81:{{WORKSPACE}}-oc
for example: acme.perimeter81.com workspace should translate to urn:auth0:perimeter81:acme-ocRecipient: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
ACS (Consumer) URL: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
ACS (Consumer) URL Validator field: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
10. On the Parameters tab, select Add Parameter.
11. In the popup, set a name for your new custom attribute using the Field name text box. Make sure you check the Include in the SAML assertion flag. Select Save.
12. The new attribute you created is displayed. Select the Value field, which is currently displaying - No default.
13. Select the Value dropdown menu and select Macro.
14. Add the following set of properties:
Field Name: email, Macro text box value: {email}, SAML assertion flag: Checked
Field Name: given_name, Macro text box value: {firstname}, SAML assertion flag: Checked
Field Name: family_name, Macro text box value: {lastname}, SAML assertion flag: Checked
At this point, we're ready to configure Perimeter 81.
Configuring Perimeter 81
- Log in to your Perimeter 81 Management Platform, and navigate to Settings and then Identity Providers.
- Select + Add Provider.
- Choose SAML 2.0 Identity Providers.
- Fill Sign In URL, Signing Certificate as follows:
The SAML 2.0 Endpoint (HTTP) value you saved above into the Sign In URL field
The SLO Endpoint (HTTP) value into the Sign Out URL field.
Finally, upload the onelogin.pem certificate using Upload Certificate.
- Select Done.
Access Error troubleshooting
If your users are getting access error after the configuration, please check these steps.