OneLogin Integration

Integrate single sign-on to Sqreen with OneLogin.

Set Up

OneLogin

1. From the OneLogin admin dashboard, click the APPS menu item, click ADD APP, search for "SAML Test Connector (IdP w/attr)", and select the application from the search results.
2. Set Display Name to "Sqreen", add the logo you can find on your dashboard, and click Save.
3. Click the Configuration tab, and set the following values:
   - Audience: The value of Audience from the Integrations -> OneLogin panel in your Organization panel in the Sqreen Dashboard, or https://my.sqreen.com/profile/organization/integrations.
   - Recipient and ACS (Consumer) URL: The value of Recipient from the Integrations -> OneLogin panel in your Organization panel in the Sqreen Dashboard, or https://my.sqreen.com/profile/organization/integrations.
   - ACS (Consumer) URL: "^(?:http(s)?:\/\/)auth.sqreen.com\/login\/callback\?connection=.*$"
4. Click Save.
5. Click the Parameters tab, and click Add parameter.
6. Set Field name to "email", and check Include in SAML assertion. Click Save.
7. Set the Value dropdown to "Email" and again click Save.

Your list of parameters should now look like the below.

Sqreen

1. Open the Integrations -> OneLogin panel in your Organization panel in the Sqreen Dashboard.
2. Set Identity Provider Single Sign-On URL to the value of the SAML 2.0 Endpoint (HTTP) field on the OneLogin application's SSO tab.
3. Download the X.509 certificate: on the OneLogin application's SSO tab, click the View Details link, then click the DOWNLOAD button in the X.509 Certificate section that follows. Upload this file to the Certificate field.
4. Click Enable OneLogin.

Verify configuration

To verify that the configuration is correct, check that the OneLogin and Sqreen certificate thumbprint values match. You can find the OneLogin values by clicking the View Details link on the OneLogin application's SSO tab. You can find the Sqreen values under the Integrations -> OneLogin panel in your Organization panel in the Sqreen Dashboard.

User Login

Now when a user clicks the "Sqreen" application on the OneLogin dashboard, they are logged in to Sqreen. When logging in for the first time, a new user account is created and automatically linked with your Sqreen organization.

Notes

- If a Sqreen user with a given e-mail already exists and is assigned to a different organization, SSO login for a user with the same e-mail does not succeed.
- If an SSO user has the same e-mail as a Sqreen user in the same organization, then these users will be linked together, and able to log in either via SSO or their password.

When your Sqreen plan provides access to Role-based access control (RBAC), the new user has the "team member" role. Otherwise, they have access to all features like any team member.

Notes

Users provisioned via SSO are not able to enable password-based login. However, users that existed before logging in via SSO (in the same team) retain their ability to log in with passwords, as well as reset their passwords.

Further Information

Missing OneLogin Integration Settings

If you do not see a "OneLogin" section at https://my.sqreen.com/profile/organization/integrations, then this feature has not been enabled for your plan.

What Happens to Deactivated Users

It is currently not possible to automatically delete Sqreen team members when their corresponding users are deactivated in OneLogin. If you remove users from OneLogin, you need to manually delete them from your Sqreen organization's team page. However, these users are not able to log in anymore, unless they were in the team before the start of SSO use in your organization.
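The thumbprint check from "Verify configuration" can also be done against the downloaded certificate file itself. The following is an added example, not part of the Sqreen or OneLogin documentation: it hashes the certificate locally and compares the result with the two dashboard values. Which hash the dashboards display is an assumption, so SHA-1 and SHA-256 are both tried; the function names are hypothetical and the sample certificate bytes are constructed placeholders.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in bytes so the example runs offline; NOT a real certificate.
SAMPLE_DER = b"constructed placeholder bytes standing in for a DER certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def normalize(thumbprint):
    """Reduce a displayed thumbprint to bare lowercase hex (drops ':', '-', spaces)."""
    cleaned = "".join(ch for ch in thumbprint if ch not in ":- \t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("thumbprint is not hexadecimal: %r" % thumbprint)
    return cleaned


def local_thumbprints(pem_text):
    """Hash the DER encoding of the downloaded PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return {name: hashlib.new(name, der).hexdigest() for name in ("sha1", "sha256")}


def check(pem_text, onelogin_value, sqreen_value):
    """Return the hash name all three values agree on, or None on any mismatch."""
    shown = [normalize(onelogin_value), normalize(sqreen_value)]
    for name, digest in local_thumbprints(pem_text).items():
        if all(hmac.compare_digest(digest, value) for value in shown):
            return name
    return None


def display(hex_digest):
    """Format bare hex as colon-separated uppercase pairs: AA:BB:CC..."""
    pairs = [hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)]
    return ":".join(pairs).upper()


if __name__ == "__main__":
    prints = local_thumbprints(SAMPLE_PEM)
    for name, digest in prints.items():
        print(name, display(digest))
    # Constructed dashboard values: one colon-separated, one bare hex.
    print("match:", check(SAMPLE_PEM, display(prints["sha256"]), prints["sha256"]))
```

In practice, pass the contents of the certificate file downloaded from OneLogin as `pem_text` and paste the two thumbprints as shown in each dashboard; a `None` result means the certificate uploaded to Sqreen is not the one OneLogin is signing with.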