Set up SSO with OneLogin

Keepabl and OneLogin

Configure OneLogin as your Identity Provider for SSO

Single Sign-On (SSO) is a great way to improve the security and user experience for your Keepabl account – and OneLogin is one of our supported Identity Providers, or IdPs.

We’ve prepared this guide so that you can get SSO up and running with OneLogin as your IdP for Keepabl. For more information, please see our detailed Admin Guide to SSO & Keepabl.

Please note, you need to be the Super Admin in your Keepabl account to set up SSO in Keepabl.

 

Features

The following provisioning features are supported with OneLogin as your IdP:

  • Create New Users
    • New users created through OneLogin, by assigning the user to Keepabl in your OneLogin account, will automatically be created in Keepabl.
  • Push Profile Updates
    • Updates made to a user’s profile in OneLogin (their name and email address) will automatically be updated in Keepabl.
  • Suspend Users
    • Deactivate a user in OneLogin and they’ll automatically be suspended in Keepabl.
  • Unsuspend Users
    • Activate a suspended user in OneLogin and they’ll automatically be unsuspended in Keepabl.
  • Delete Users
    • Delete a user in OneLogin and they’ll automatically be deleted in Keepabl.

 

Security

To protect the Security of your Keepabl account and to respect least privilege access practices, any new user assigned to Keepabl in an IdP is created in Keepabl with a ‘blank account’ with no access rights: they’ll see nothing when they login to Keepabl. You can then go to your Admin Portal in Keepabl and give them the exact, tailored access rights appropriate for their role.

Now let’s run through the simple steps to use OneLogin as your IdP for Keepabl.

 

Step 1: Log into Keepabl

First log into Keepabl and go to Admin Portal Your Organisation, where you’ll see the Single Sign-On (SSO) section. Click on the Setup Identity Provider button:

You will be taken to the SSO Setup page, where, once you select OneLogin as your provider, you will see three URLs, called SAML Consumer URL, SCIM Base URL, and SAML Audience URL plus a SCIM Bearer Token. You will need to enter this into your OneLogin account.

OneLogin URLs Keepabl

 

Step 2: Log into OneLogin

Next, log into your OneLogin account:

  • find and choose the Keepabl app in OneLogin,
  • choose Configuration in the left-hand menu, and
  • enter the SAML Audience URL, SAML Consumer URL, SCIM Base URL and SCIM Bearer Token from Keepabl, which you have from the step above.

Make sure you enable API Connection as shown below (you want to see the green dot and ‘Enabled’).

OneLogin URL fields

 

Then enable Provisioning (if Provisioning isn’t showing for you, you’ll need to contact your OneLogin Account Manager to discuss your OneLogin subscription level):

OneLogin User Provisioning

 

Once you’ve set up the Keepabl app in OneLogin, you need these 3 items from OneLogin to enter into Keepabl:

  •  your Issuer URL and SAML 2.0 Endpoint (HTTP), as you’ll see below, and
  • your X.509 Certificate, which you can create and download by clicking on the View details link (please download the certificate in X509.PEM format).

OneLogin create token

Now back to Keepabl to finish setting up SSO with OneLogin!

 

Step 3: Enter your OneLogin details in Keepabl

Go to Keepabl’s Set up SSO page where you chose OneLogin as your IdP and:

  • enter the Issuer URL and SAML 2.0 Endpoint (HTTP) you copied from OneLogin,
  • upload the X509 Certificate you downloaded from OneLogin, and
  • click Create Provider

Fields in Keepabl for URLs

Congratulations! You’ve now set up OneLogin as your IdP and can now assign people to Keepabl in OneLogin.

Please reach out to us at support@keepabl.com if you have any issues.