OneLogin SSO Setup Guide

A guide for Tuple customers who want to use SAML SSO with OneLogin as the Identity Provider.

Overview

  1. Create SAML SSO Connector
  2. Configure Tuple's required metadata
  3. Attach required Tuple parameters to SSO response
  4. Download X.509 certificate and send Tuple your metadata

Step 1 - Creating SAML Connector

After signing in to (or creating) your OneLogin account, you'll need to add a new SAML SSO application. Click on Applications > Applications in the top navigation bar.

In the search field, enter "SAML Test" and select the SAML Test Connector (Advanced) from the results.

Fill in any required metadata, upload company logos you'd like to use, and save the new application.

Step 2 - Configure Tuple's Metadata

After saving, click on Configuration in the left-hand sidebar.

Note: if you're setting up SSO for the first time, use staging instead of production in all of the following URLs. Once the integration has been confirmed to work, you can switch all the values back to production.

Fill in all the fields circled in red.

  Audience (EntityID): https://production.tuple.app/users/saml/metadata
  Recipient: https://production.tuple.app/users/saml/auth
  ACS (Consumer) URL Validator*: https:\/\/production.tuple.app\/users\/saml\/auth
  ACS (Consumer) URL*: https://production.tuple.app/users/saml/auth
  Login URL: https://production.tuple.app
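
The ACS (Consumer) URL Validator field holds a regular expression, so the following added example (not part of Tuple's or OneLogin's own material) checks how strictly the value above constrains the ACS URL and builds an anchored, fully escaped variant for either environment. It assumes the validator is applied as an unanchored regex search, which this page does not state; the sample URLs are constructed.

```python
import re

# Validator exactly as written in Step 2: dots unescaped, no ^/$ anchors.
GUIDE_VALIDATOR = r"https:\/\/production.tuple.app\/users\/saml\/auth"

def acs_url(env="production"):
    """ACS URL for the given environment ("staging" or "production")."""
    if env not in ("staging", "production"):
        raise ValueError("env must be 'staging' or 'production'")
    return f"https://{env}.tuple.app/users/saml/auth"

def strict_validator(env="production"):
    """Anchored validator with '.' and '/' escaped, so only the exact URL matches."""
    escaped = acs_url(env).replace(".", r"\.").replace("/", r"\/")
    return f"^{escaped}$"

def accepts(pattern, url):
    # Assumption: the validator is applied as an unanchored regex search.
    return re.search(pattern, url) is not None

# Constructed sample URLs; only the first is the real production ACS URL.
SAMPLES = [
    "https://production.tuple.app/users/saml/auth",
    "https://productionXtuple.app/users/saml/auth",
    "https://production.tuple.app/users/saml/auth.sample.example",
    "https://sample.example/?r=https://production.tuple.app/users/saml/auth",
    "https://staging.tuple.app/users/saml/auth",
]

def unexpected_matches(pattern, env="production"):
    """Return sample URLs the pattern accepts that are not the intended ACS URL."""
    return [u for u in SAMPLES if accepts(pattern, u) and u != acs_url(env)]

if __name__ == "__main__":
    for name, pat in (("guide", GUIDE_VALIDATOR), ("strict", strict_validator())):
        print(name, pat, "->", unexpected_matches(pat) or "exact URL only")
```

Under that assumption the guide's value also accepts the three non-Tuple sample URLs, while the anchored form accepts only the exact ACS URL for the chosen environment.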

Step 3 - Attach Required Parameters

Next, head to the Parameters section in the sidebar and click the plus button to add new fields.

These fields will be sent along in the SSO response. There are three fields that Tuple requires in order to work: email, first_name, and last_name.

When adding these new fields, ensure that the checkbox Include in SAML Assertion is checked.

Repeat for first_name and last_name.

Once you've added the required parameters, the Parameters screen should list email, first_name, and last_name.

Step 4 - Send Tuple Metadata

Next, you'll download your X.509 certificate.

To download your certificate, click on SSO in the sidebar and find the View Details link.

Click on Download. You'll need to attach this to an email shortly.

Finally, return to the SSO screen and locate the Issuer URL and SAML 2.0 Endpoint (HTTP).

Draft a new email to support@tuple.app and attach the downloaded certificate. Paste your Issuer URL (Entity ID) and SAML 2.0 Endpoint (HTTP) (authentication URL) into the body of the email. After receiving your email, we'll schedule a time to do a test to confirm the integration was successful.