OneLogin SSO setup

Set up the RudderStack SSO (Single Sign-On) feature with OneLogin.

This guide lists the steps to configure and enable OneLogin SSO for your organization.

Configuring the RudderStack SSO app

  1. Log into your OneLogin portal and click Administration in the top menu:
Administration option in OneLogin
  1. From the top menu, go to Applications > Applications:
Applications option
  1. Then, click Add App:
Add App option
  1. In the resulting Find Applications page, search for SAML Custom Connector (Advanced). From the search results, select the application:
Select SAML Custom Connector option
  1. Name your SAML app and click Save:
Select SAML app name
  1. In the Configuration tab, enter the settings as shown in the following image:
SAML app configuration

The settings to be configured are listed in the following table:

Audience (EntityID)urn:amazon:cognito:sp:us-east-1_ABZiTjXia
ACS (Consumer) URL Validator^https:\/\/auth2\.rudderstack\.com\/saml2\/idpresponse\/\$
ACS (Consumer) URL
Login URL[]
Make sure you enter the correct domain name in the Login URL setting. For example, if your employee email is, then your Login URL will be
  1. From the dropdown, select the SAML initiator and SAML nameID format fields as shown:
SAML settings
Configure the other SAML settings related to the assertion validity, encryption method, etc. as per your organizational requirements.
  1. Next, go to the Parameters tab and add the custom parameters as shown below:
Custom parameters

The custom parameters and their values are listed in the following table:

NameID valueEmail
For the LastName custom attribute, you can specify a single field Name - which specifies how you would like to see your employees on the RudderStack web app.
  1. To add any other custom parameter, click the + button, enter the Field name, and select the value from the dropdown:
Custom parameter configuration
Make sure you enable (tick) the Include in SAML assertion flag for each custom parameter.
  1. Click Save to save the configuration.

Enabling SSO

Go to the SSO tab of your app and copy the Issuer URL:

Issuer URL
The Issuer URL is the SAML metadata endpoint that contains the certificate and any other information required to enable SSO for your organization.

Share this Issuer URL with the RudderStack team.


There are times when an SSO login might fail for some users due to some reason. In such cases, the RudderStack team requires a HAR (HTTP Archive) file to inspect the requests and identify any SSO-related issues.

A HAR file is a log of exported network requests from the user’s browser. See the HAR Analyzer guide for steps on generating this file depending on your browser.

Once you generate the HAR file, share it with the RudderStack team to troubleshoot the issue.


Note the following before capturing your HAR file:

  • Start from with a clean session, preferably in incognito mode of your browser.
  • Complete the SSO flow until the step where you face an error.
  • Your HAR file might contain sensitive data - make sure to redact it using a text editor before sharing it with the team.

Questions? Contact us by email or on Slack