This guide lists the steps to configure and enable OneLogin SSO for your organization.

Github Badge

Configuring the RudderStack SSO app

  1. Log into your OneLogin portal and click Administration in the top menu, as shown:
Administration option in OneLogin
  1. From the top menu, go to Applications > Applications, as shown:
Applications option
  1. Then, click Add App, as shown:
Add App option
  1. In the resulting Find Applications page, search for SAML Custom Connector (Advanced). From the search results, select the application, as shown:
Select SAML Custom Connector option
  1. Name your SAML app and click on Save, as shown:
Select SAML app name
  1. In the Configuration tab, enter the settings as shown in the following image:
SAML app configuration

The settings to be configured are listed in the following table:

SettingValue
Audience (EntityID)urn:amazon:cognito:sp:us-east-1_ABZiTjXia
Recipienthttps://auth2.rudderstack.com/saml2/idpresponse
ACS (Consumer) URL Validator^https:\/\/auth2\.rudderstack\.com\/saml2\/idpresponse\/\$
ACS (Consumer) URLhttps://auth2.rudderstack.com/saml2/idpresponse
Login URLhttps://app.rudderstack.com/sso?domain=[your-domain.com]
Make sure you enter the correct domain name in the Login URL setting. For example, if your employee email is john@example.com, then your Login URL will be `https://app.rudderstack.com/sso?domain=example.com`.
  1. From the dropdown, select the SAML initiator and SAML nameID format fields as shown:
SAML settings
Configure the other SAML settings related to the assertion validity, encryption method, etc. as per your organizational requirements.
  1. Next, go to the Parameters tab and add the custom parameters as shown below:
Custom parameters

The custom parameters and their values are listed in the following table:

ParameterValue
EmailEmail
LastNameName
NameID valueEmail
For the LastName custom attribute, you can specify a single field Name - which specifies how you would like to see your employees on the RudderStack web app.
  1. To add any other custom parameter, click the + button, enter the Field name, and select the value from the dropdown, as shown:
Custom parameter configuration
Make sure you enable (tick) the Include in SAML assertion flag for each custom parameter.
  1. Click on Save to save the configuration.

Enabling SSO

Go to the SSO tab of your app and copy the Issuer URL, as shown:

Issuer URL
The Issuer URL is the SAML metadata endpoint that contains the certificate and any other information required to enable SSO for your organization.

Share this Issuer URL with the RudderStack team.


Contact us

For more information on the topics covered on this page, email us or start a conversation in our Slack community.

On this page