Configure OneLogin as your Identity Provider for SSO
Single Sign-On (SSO) is a great way to improve the security and user experience for your Keepabl account – and OneLogin is one of our supported Identity Providers, or IdPs.
We’ve prepared this guide so that you can get SSO up and running with OneLogin as your IdP for Keepabl. For more information, please see our detailed Admin Guide to SSO & Keepabl.
Please note, you need to have Edit rights over Account Settings > Your Organisation in your Keepabl account to set up SSO in Keepabl.
Features
The following provisioning features are supported with OneLogin as your IdP:
- Create New Users
- New users created through OneLogin, by assigning the user to Keepabl in your OneLogin account, will automatically be created in Keepabl.
- Push Profile Updates
- Updates made to a user’s profile in OneLogin (their name and email address) will automatically be updated in Keepabl.
- Suspend Users
- Deactivate a user in OneLogin and they’ll automatically be suspended in Keepabl.
- Unsuspend Users
- Activate a suspended user in OneLogin and they’ll automatically be unsuspended in Keepabl.
- Delete Users
- Delete a user in OneLogin and they’ll automatically be deleted in Keepabl.
Security
To protect the Security of your Keepabl account and to respect least privilege access practices, any new user assigned to Keepabl in an IdP is created in Keepabl with a ‘blank account’ with no access rights: they’ll see nothing when they login to Keepabl. You can then go to your Account Settings in Keepabl and give them the exact, tailored access rights appropriate for their role.
Now let’s run through the simple steps to use OneLogin as your IdP for Keepabl.
Step 1: Choose OneLogin in Keepabl
First log into Keepabl and go to Account Settings > Your Organisation, where you’ll see the Single Sign-On (SSO) section. Click on the Setup Identity Provider button:
You will be taken to the SSO Setup page, where, once you select OneLogin as your provider, you will see three URLs, called SAML Consumer URL, SCIM Base URL, and SAML Audience URL plus a SCIM Bearer Token. You will need to enter this into your OneLogin account.
Step 2: Choose Keepabl in OneLogin
Next, log into your OneLogin account:
- find and choose the Keepabl app in OneLogin,
- choose Configuration in the left-hand menu, and
- enter the SAML Audience URL, SAML Consumer URL, SCIM Base URL and SCIM Bearer Token from Keepabl, which you have from the step above.
Make sure you enable API Connection as shown below (you want to see the green dot and ‘Enabled’).
Then enable Provisioning (if Provisioning isn’t showing for you, you’ll need to contact your OneLogin Account Manager to discuss your OneLogin subscription level):
Once you’ve set up the Keepabl app in OneLogin, you need these 3 items from OneLogin to enter into Keepabl:
- your Issuer URL and SAML 2.0 Endpoint (HTTP), as you’ll see below, and
- your X.509 Certificate, which you can create and download by clicking on the View details link (please download the certificate in X509.PEM format).
Now back to Keepabl to finish setting up SSO with OneLogin!
Step 3: Enter your OneLogin details in Keepabl
Go to Keepabl’s Set up SSO page where you chose OneLogin as your IdP and:
- enter the Issuer URL and SAML 2.0 Endpoint (HTTP) you copied from OneLogin,
- upload the X509 Certificate you downloaded from OneLogin, and
- click Create Provider
Congratulations! You’ve now set up OneLogin as your IdP and can now assign people to Keepabl in OneLogin.
Please reach out to us at support@keepabl.com if you have any issues.
KEEPABL is the trade mark of Keepabl Ltd | Company #: 11043685 | Registered office 86-90 Paul Street, London EC2A 4NE | VAT #: 281 5220 22
Keepabl is a regulatory compliance service provided for information only, not legal advice. Always consult your lawyer on legal matters.
Web Design & Development by MazeSpace Studios Ltd