Plans supporting single sign on (SSO)
Professional | Business | Enterprise |
---|---|---|
This guide will walk you through the steps to configure Single Sign-On (SSO) in Document360 using OneLogin as the Identity Provider (IdP) based on the SAML protocol. Access to a OneLogin account is required. Please note that only users with Owner or Admin as Project role can configure SSO in Document360.
PRO TIP
It is recommended to open Document360 and OneLogin in two separate tabs/browser windows, since configuring SSO in Document360 will require you to switch between Okta and Document360 multiple times.
Adding an Application in OneLogin
To create a Document360 SSO configuration using OneLogin, follow these steps:
Log in to your OneLogin Admin Portal using your credentials.
On the top menu, select Applications.
Click Add App.
In the search bar, type "SAML" and select SAML Custom Connector (Advanced) from the list.
Name your application (e.g., "Document360 SSO") and click Save.
Configuring SAML in OneLogin
Next, you will need to configure SAML settings in OneLogin using parameters from Document360:
Open Document360 in a separate tab or window.
Navigate to Settings > Users & security > SAML/OpenID in Document360.
Click the Create SSO button.
Select OneLogin as your identity provider in the Choose your Identity Provider (IdP) page to navigate to the Configure the Service Provider (SP) page automatically.
In the Configure the Service Provider (SP) page, you'll find the required parameters to configure your SAML integration in the Identity Provider.
Switch to the OneLogin tab/window and navigate to the Configuration tab of your new application.
In the Configuration tab, enter the following values from Document360, and click Save.
OneLogin
Document360
Audience (EntityID)
Service provider entity id
Recipient
Callback path
ACS (Consumer) URL Validator
Callback path
ACS (Consumer) URL
Callback path
Next, navigate to the Parameters tab, and click on the + icon to configure the following parameters:
Field Name
Value
urn:oasis:names:tc:SAML:2.0:nameid
Email
email
Email
name
Email
NOTE
While creating the parameters, check the Include in SAML assertion checkbox.
Once you’re done configuring the parameters, click Save.
Navigate to the SSO tab and click on View Details to download the X.509 Certificate. Also, copy the values of the Issuer URL and SAML 2.0 Endpoint (HTTP).
NOTE
Before downloading the X.509 Certificate, select SHA256 from the SHA fingerprint dropdown, and select the download format as X.509.PEM.
Document360 SSO Configuration
Finally, complete the SSO configuration in Document360:
Return to the Document360 tab/window displaying the Configure the Service Provider (SP) page and click Next to navigate to the Configure the Identity Provider (IdP) page.
Enter the corresponding values from your Identity Provider:
Identity Provider | Document360 |
---|---|
Issuer URL | Entity id |
SAML 2.0 Endpoint (HTTP) | Sign on URL |
Downloaded SAML Certificate (X.509) | SAML Certificate |
Toggle on/off the Allow IdP initiated sign in option based on your project requirements.
Click Next to proceed to the More Settings page.
More Settings
In the More settings page, configure the following:
SSO name: Enter a name for the SSO configuration.
Customize login button: Enter the text for the login button displayed to users.
Auto assign reader group: Toggle on/off as needed.
Sign out idle SSO team account: Toggle on/off based on your requirements.
Choose whether to invite existing team and reader accounts to SSO.
Click Create to complete the SSO configuration.