OneLogin

This guide will show you how to integrate GoodAccess with OneLogin SSO/SCIM.

This feature is available in the Premium plan and higher.

Remember to grant your OneLogin users access permissions to GoodAccess. Users without them won't be able to log in.

Step 1 - Adding a new identity provider

Log in to the GoodAccess Control Panel, and go to Settings > SSO & MFA.

Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.

Step 2 - Setting up Single Sign-On with SAML

Log in to the OneLogin Admin console, and go to Applications > Applications.

Click Add App, and select SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML) (you can use the search bar).

Give the application a name, and click Save.

1. Configuration

Go to Configuration, and copy the details from GoodAccess - (2) GoodAccess links.

  • SAML Audience URL - Entity ID

  • RelayState - Relay State

  • ACS (Consumer) URL - Assertion Consumer Service URL

  • Login URL - Login URL

  • SAML initiator - OneLogin

  • SAML nameID format - Email

Leave the rest at default values.

Return to GoodAccess, and click Continue.

Return to OneLogin.

2. Parameters

Go to Parameters, and click ( + ).

  • Name - "email" (without quotes)

  • Value - Email

  • Flags - Check Include in SAML assertion

Click Save.

3. SSO

Go to SSO, and set SAML Signature Algorithm to SHA-256.

Click Save, then copy the details to GoodAccess - (3) Identity Provider links, and click Continue.

  • Sign in URL - SAML 2.0 Endpoint (HTTP)

  • Entity ID - Issuer URL

  • X509 signing certificate - Click View Details and copy the certificate

If you don't want to set up SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.

You have now successfully set up your OneLogin SSO with GoodAccess.
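To confirm that the settings from Step 2 took effect, you can inspect a decoded SAML response from a test login. The following is an added example, not part of GoodAccess or OneLogin; the sample response, its URLs, and the function name check_response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample (signature value and certificate omitted; URLs are placeholders).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </ds:SignedInfo></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.invalid/entity-id</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement><saml:Attribute Name="email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, expected_audience):
    """Return findings; an empty list means the response matches the settings above."""
    root = ET.fromstring(xml_text)
    findings = []
    # 3. SSO: SAML Signature Algorithm must be SHA-256.
    algs = [m.get("Algorithm", "") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    if not algs:
        findings.append("no signature present")
    elif not all(a.endswith("sha256") for a in algs):
        findings.append("signature algorithm is not SHA-256")
    # 1. Configuration: SAML nameID format is Email, audience is the GoodAccess Entity ID.
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_NAMEID:
        findings.append("NameID format is not Email")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        findings.append("audience does not match the Entity ID")
    # 2. Parameters: the "email" parameter must be included in the assertion.
    emails = root.findall(".//saml:Attribute[@Name='email']/saml:AttributeValue", NS)
    if not any(e.text and e.text.strip() for e in emails):
        findings.append('"email" attribute is missing from the assertion')
    return findings

if __name__ == "__main__":
    print(check_response(SAMPLE, "https://sp.example.invalid/entity-id"))
```

This only inspects the values declared in the response; it does not validate the signature against the X509 signing certificate.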

Step 3 (optional) - Setting up SCIM

1. API Connection

In the application, go to Configuration, and scroll down to the bottom of the page.

Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).

Copy the code below into SCIM JSON Template:

{
  "schemas": [
    "urn:scim:schemas:core:2.0",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "userName": "{$user.email}",
  "displayName": "{$user.email}",
  "externalId": "{$user.id}",
  "name": {
    "familyName": "{$user.lastname}",
    "givenName": "{$user.firstname}",
    "formatted": "{$user.display_name}"
  },
  "emails": [{
    "value": "{$user.email}",
    "type": "work",
    "primary": true
  }]
}

Return to GoodAccess, and click Submit.

Return to OneLogin, click Save, and Enable to confirm your settings.

2. (optional) Adding groups to provisioning

During our testing, this feature was not supported by the default SCIM connector. However, it is possible the identity provider has implemented it by now.

Go to Parameters, and open the existing Groups parameter. Here, check Include in User Provisioning, and click Save.

Go to Provisioning > Entitlements, and click Refresh.

3. Starting the provisioning

Go to Provisioning, check Enable provisioning, and click Save.

The whole provisioning process will take around 20 minutes to complete, depending on the number of members and groups being added.

You have now successfully set up OneLogin SCIM with GoodAccess.

Step 4 - Managing user access

Go to Access, choose which roles should have access, and click Save.
