
OneLogin

This guide will show you how to integrate GoodAccess with OneLogin SSO/SCIM.


Last updated 7 months ago


This feature is available in the Premium plan and higher.

Remember to grant your OneLogin users access permissions to GoodAccess. Users without them won't be able to log in.

Step 1 - Adding a new identity provider

Log in to the GoodAccess Control Panel, and go to Settings > SSO & Identity.

Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.

Step 2 - Setting up Single Sign-On with SAML

Log in to the OneLogin Admin console, and go to Applications > Applications.

Click Add App, and select SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML) (you can use the search bar).

Give the application a name, and click Save.

1. Configuration

Go to Configuration, and copy the details from GoodAccess - (2) GoodAccess links.

  • SAML Audience URL - Entity ID

  • RelayState - Relay State

  • ACS (Consumer) URL - Assertion Consumer Service URL

  • Login URL - Login URL

  • SAML initiator - OneLogin

  • SAML nameID format - Email

Leave the rest at default values.

Return to GoodAccess, and click Continue.

Return to OneLogin.

2. Parameters

Go to Parameters, and click ( + ).

  • Name - "email" (without quotes)

  • Value - Email

  • Flags - Check Include in SAML assertion

Click Save.

3. SSO

Go to SSO, and set SAML Signature Algorithm to SHA-256.

Click Save, then copy the details to GoodAccess - (3) Identity Provider links, and click Continue.

  • Sign in URL - SAML 2.0 Endpoint (HTTP)

  • Entity ID - Issuer URL

  • X509 signing certificate - Click View Details and copy the certificate

If you don't want to set up SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.

You have now successfully set up your OneLogin SSO with GoodAccess.
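
A structural check of what the identity provider sends after this step, as an added example that is not part of the GoodAccess or OneLogin documentation: it inspects a decoded SAML response or assertion for the settings chosen above (SHA-256 signature algorithm, Email nameID format, the "email" parameter, and the Entity ID as audience). The sample XML and the sp.example.invalid Entity ID are constructed placeholders, and the signature itself is not cryptographically verified here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def lint_assertion(xml_text, entity_id):
    """List mismatches between an assertion and the settings chosen above.
    Structural checks only: the signature itself is NOT verified here."""
    root = ET.fromstring(xml_text)
    problems = []
    method = root.find(".//ds:SignatureMethod", NS)
    if method is None:
        problems.append("no signature")
    elif not method.get("Algorithm", "").endswith("-sha256"):
        problems.append("signature algorithm is not SHA-256")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_NAMEID:
        problems.append("NameID format is not Email")
    if entity_id not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        problems.append("Audience does not match the Entity ID")
    names = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    if "email" not in names:
        problems.append('attribute "email" is missing')
    return problems

# Constructed sample (trimmed; SignatureValue and digests omitted).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{alg}"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://sp.example.invalid/entity</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{attr}"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
ENTITY_ID = "https://sp.example.invalid/entity"  # placeholder, not a real GoodAccess URL

if __name__ == "__main__":
    print(lint_assertion(SAMPLE.format(alg=SHA256, attr="email"), ENTITY_ID))
    print(lint_assertion(SAMPLE.format(alg=SHA1, attr="Email"), ENTITY_ID))
```

The parameter name is compared case-sensitively, so a parameter saved as "Email" instead of "email" is reported as missing.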

Step 3 (optional) - Setting up SCIM

1. API Connection

In the application, go to Configuration, and scroll down to the bottom of the page.

Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).

Copy the code below into SCIM JSON Template:

{
  "schemas": [
    "urn:scim:schemas:core:2.0",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "userName": "{$user.email}",
  "displayName": "{$user.email}",
  "externalId": "{$user.id}",
  "name": {
    "familyName": "{$user.lastname}",
    "givenName": "{$user.firstname}",
    "formatted": "{$user.display_name}"
  },
  "emails": [{
    "value": "{$user.email}",
    "type": "work",
    "primary": true
  }]
}

Return to GoodAccess, and click Submit.

Return to OneLogin, click Save, and Enable to confirm your settings.
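
To see what the SCIM JSON Template above produces for one user before enabling provisioning, the following added example (not GoodAccess or OneLogin code) fills the placeholders locally and checks the result. The substitution is a local approximation of what OneLogin does, the sample user is constructed, and the rule that userName should equal the primary email is an assumption based on the Email nameID format chosen in Step 2.

```python
import json
import re

# The SCIM JSON Template from this guide (whitespace condensed, content unchanged).
TEMPLATE = r'''{
  "schemas": ["urn:scim:schemas:core:2.0",
              "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"],
  "userName": "{$user.email}",
  "displayName": "{$user.email}",
  "externalId": "{$user.id}",
  "name": {"familyName": "{$user.lastname}",
           "givenName": "{$user.firstname}",
           "formatted": "{$user.display_name}"},
  "emails": [{"value": "{$user.email}", "type": "work", "primary": true}]
}'''
PLACEHOLDER = re.compile(r"\{\$user\.([a-z_]+)\}")

def render(template, user):
    """Fill {$user.<field>} placeholders and parse the result as JSON.
    Local approximation only; OneLogin's own substitution may differ."""
    def fill(match):
        value = str(user[match.group(1)])  # KeyError: field missing from sample user
        return json.dumps(value)[1:-1]     # JSON-escape, then drop the outer quotes
    return json.loads(PLACEHOLDER.sub(fill, template))

def check(payload):
    """Flag payloads whose identifiers would not line up with an email-based SSO login."""
    problems = []
    primary = [e.get("value") for e in payload.get("emails", []) if e.get("primary")]
    if len(primary) != 1:
        problems.append("expected exactly one primary email")
    elif payload.get("userName") != primary[0]:
        problems.append("userName differs from primary email")
    if not payload.get("externalId"):
        problems.append("externalId is empty")
    return problems

# Constructed sample user; field names mirror the placeholders in the template.
SAMPLE_USER = {"id": 1001, "email": "alice@example.com", "firstname": "Alice",
               "lastname": "Neil", "display_name": 'Alice "Al" Neil'}

if __name__ == "__main__":
    payload = render(TEMPLATE, SAMPLE_USER)
    print(json.dumps(payload, indent=2))
    print(check(payload))
```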

2. (optional) Adding groups to provisioning

During our testing, this feature was not supported by the default SCIM connector. However, it is possible the identity provider has implemented it by now.

Go to Parameters, and open the existing Groups parameter. Here, check Include in User Provisioning, and click Save.

Go to Provisioning > Entitlements, and click Refresh.

3. Starting the provisioning

Go to Provisioning, check Enable provisioning, and click Save.

The whole provisioning process will take around 20 minutes to complete depending on the number of members and groups being added.

You have now successfully set up OneLogin SCIM with GoodAccess.

Step 4 - Managing user access

Go to Access, choose which roles should have access and click Save.
