One Login's logo

OneLogin SSO Setup Guide

A guide for Tuple customers who want to use SAML SSO with OneLogin as the Identity Provider.


Email addresses for users in OneLogin and on Tuple must match exactly. For example, will not match Please ensure your team's email addresses are correct before we enable the SSO integration.


  1. Create SAML SSO Connector
  2. Configure Tuple's required metadata
  3. Attach required Tuple parameters to SSO response
  4. Download X.509 certificate and send Tuple your metadata

Step 1 - Creating SAML Connector

After signing in or creating your OneLogin account you'll need to add a new SAML SSO application. Click on Applications > Applications in the top navigation bar.


In the search field, enter: SAML Test and select the SAML Test Connector (Advanced) from the results.

Locate App From Search

Fill in any required metadata, upload company logos you'd like to use, and save the new application.

SAML Metadata

Step 2 - Configure Tuple's Metadata

After saving, click on Configuration in the left-hand sidebar.

Tuple Metadata

Fill in all the fields circled in red.

Audience (EntityID)
ACS (Consumer) URL Validator*
ACS (Consumer) URL*
Login URL

Step 3 - Attach Required Parameters

Next, head to the Parameters section in the side bar and find the plus button to add new fields.

These fields will be sent along in the SSO response. There are three fields that Tuple requires in order to work: email, first_name, and last_name.

Add User Parameters

When adding these new fields, ensure that the checkbox Include in SAML Assertion is checked.

Check assertion

Repeat for first_name and last_name.

Adding First Name

Once you're finished with adding the required parameters the screen should look like:

All Required Tuple Params

Step 4 - Send Tuple Metadata

Next, you'll download your X.509 certificate.

To download your certificate click on SSO in the sidebar and find the link to View Details:

View certificate

Click on Download. You'll need to attach this to an email shortly.

Download certificate

Finally, return back to the SSO screen and locate the Issuer URL and SAML 2.0 Endpoint (HTTP).

Entity ID and auth URL

Draft a new email to and attach the downloaded certificate. Paste your Issuer URL (Entity ID) and SAML 2.0 Endpoint (HTTP) (authentication URL) into the body of the email. After receiving your email, we'll schedule a time to do a test to confirm the integration was successful.