OneLogin Integration

Integrate single sign-on to Sqreen with OneLogin


Set Up

OneLogin

From the OneLogin admin dashboard, click the APPS menu item, click ADD APP, search for "SAML Test Connector (IdP w/attr)", and select the application from the search results.

Create application

Set Display Name to "Sqreen", add the logo you can find on your dashboard, and click Save.

Create connector

Click the Configuration tab, and set the following values:

Configure connector

Click Save

Click the Parameters tab, and click Add parameter.

Set Field name to "email", and check Include in SAML assertion. Click Save.

Create email field

Set the Value dropdown to "Email" and again click Save.

Edit email field parameters

Your list of parameters should now look like the following.

Check parameters

Sqreen

Open the Integrations -> OneLogin panel in your Organization panel in the Sqreen Dashboard.

Set Identity Provider Single Sign-On URL to the value of the SAML 2.0 Endpoint (HTTP) field on the OneLogin application's SSO tab.

SAML Endpoint value

Download the X.509 certificate: click the View Details link on the OneLogin application's SSO tab, then click the DOWNLOAD button in the X.509 Certificate section that follows. Upload the downloaded file to the Certificate field.

Download certificate

Click Enable OneLogin.

Enable OneLogin

Verify configuration

To verify that the configuration is correct, check that the certificate thumbprint values shown by OneLogin and by Sqreen match.

You can find the OneLogin values by clicking the View Details link on the OneLogin application's SSO tab.

Check thumbprint on OneLogin Dashboard

You can find the Sqreen values under the Integrations -> OneLogin panel in your Organization panel in the Sqreen Dashboard.

Check thumbprint on Sqreen Dashboard
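
The same check can be made locally against the certificate file you downloaded. The script below is an added example, not part of the Sqreen or OneLogin tooling. It assumes the dashboards display SHA-1 or SHA-256 hex digests of the DER-encoded certificate, optionally colon-separated, and the sample PEM in it is constructed placeholder data.

```python
import base64
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample: PEM armor around placeholder bytes, NOT a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem_text):
    """Extract the first certificate block and decode it to DER bytes."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def thumbprints(pem_text):
    """Return lowercase hex SHA-1 and SHA-256 digests of the DER encoding."""
    der = pem_to_der(pem_text)
    return {alg: hashlib.new(alg, der).hexdigest() for alg in ("sha1", "sha256")}

def normalize(displayed):
    """Strip colons/whitespace and lowercase a thumbprint copied from a dashboard."""
    hexstr = re.sub(r"[\s:]", "", displayed).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexstr):
        raise ValueError("thumbprint is not hexadecimal")
    return hexstr

def matches(pem_text, *displayed):
    """True only if every displayed value equals a digest of the local file."""
    by_len = {len(v): v for v in thumbprints(pem_text).values()}  # 40 or 64 hex chars
    for value in displayed:
        want = normalize(value)
        have = by_len.get(len(want))
        if have is None or not hmac.compare_digest(have, want):
            return False
    return bool(displayed)

if __name__ == "__main__":
    # Usage (assumed): script.py onelogin.pem <OneLogin value> <Sqreen value>
    with open(sys.argv[1]) as fh:
        ok = matches(fh.read(), *sys.argv[2:])
    print("thumbprints match" if ok else "MISMATCH: do not enable SSO with this certificate")
    sys.exit(0 if ok else 1)
```
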

User Login

OneLogin dashboard

Now when a user clicks the "Sqreen" application on the OneLogin dashboard they are logged in to Sqreen. When logging in for the first time, a new user account is created and automatically linked with your Sqreen organization.

Notes

If a Sqreen user with a given e-mail already exists, and is assigned to a different organization, SSO login for a user with the same e-mail does not succeed.

If an SSO user has the same e-mail as a Sqreen user in the same organization, then these users are linked together, and the user is able to log in either via SSO or with their password.

When your Sqreen plan provides access to Role-based access control (RBAC), the new user has the "team member" role. Otherwise, they have access to all features like any team member.

Notes

Users provisioned via SSO are not able to enable password-based login.

However, users that existed before logging in via SSO (in the same team) retain their ability to log in with passwords, as well as to reset their passwords.

Further Information

Missing OneLogin Integration Settings

If you do not see a "OneLogin" section at https://my.sqreen.com/profile/organization/integrations, then this feature has not been enabled for your plan.

What Happens to Deactivated Users

It is currently not possible to automatically delete Sqreen team members when their corresponding users are deactivated in OneLogin.

If you remove users from OneLogin, you need to manually delete them from your Sqreen organization's team page.

However, these users are not able to log in anymore, unless they were in the team before the start of SSO use in your organization.