OneLogin Single Sign-on

This section describes how to configure SSO for OneLogin.

Configure SSO for OneLogin

This task shows you how to configure SSO for authenticating users with the PCE using OneLogin as your Identity Provider (IdP).

Before you begin, make sure you have the following information from your OneLogin account:

  • x.509 certificate
  • SAML 2.0 Endpoint (HTTP)
  • SLO Endpoint (HTTP)

NOTE:

Your PCE user account must have Owner or Admin privileges to perform this task.

To configure the PCE for OneLogin SSO: 

  1. From the PCE web console menu, choose Settings > SSO Config.

  2. Click Edit.

  3. Select the Enabled checkbox for SAML Status.

  4. Enter the following information: 
    • SAML Identity Provider Certificate: Paste your OneLogin x.509 certificate (in PEM text format).
    • Remote Login URL: Enter the OneLogin SAML 2.0 Endpoint (HTTP) URL.
    • Logout Landing URL: Enter the OneLogin SLO Endpoint (HTTP) URL.
  5. In the Information for Identity Provider section, choose the Access Level for the users who use OneLogin to authenticate with the PCE. When you select No Access, SSO users from your OneLogin account will have to be added manually before they can log in to the PCE. (For more information on PCE user permissions, see Role-based Access Control.)
  6. In the Information for Identity Provider section, make note of the following fields:
    • Issuer
    • Assertion Consumer URL
    • Logout URL
      You will enter this information into your OneLogin SSO configuration.
  7. Select the authentication method from the drop-down list:

    • Unspecified: Uses the IdP default authentication mechanism.

    • Password Protected Transport: Requires the user to log in with a password using a protected session.
  8. To require users to re-enter their login information to access Illumio (even if the session is still valid), check the Force Re-authentication checkbox. This option is disabled by default. Enabling it allows users to log in to the PCE using a different login than their default computer login.

    NOTE:

    When SSO is configured both in Illumio Core and for the IdP, the preferences in Illumio Core are used. When SSO is not configured in Illumio Core, the default IdP settings are used.

  9. Click Save.
  10. Log in to your OneLogin account.
  11. Select the Illumio Core app, and then click the Configuration tab.
  12. Enter the values copied from the Information for Identity Provider section of the PCE SSO configuration page.

  13. Click Save.

    Your PCE is now configured to use OneLogin SSO for authenticating users with the PCE.
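
The following pre-flight check for the certificate pasted in step 4 is an added example, not part of the Illumio or OneLogin documentation. It confirms the text is a single PEM certificate with no private key attached and prints a SHA-256 fingerprint; the function names and sample bytes are constructed for illustration, and it assumes you have a fingerprint from your OneLogin account to compare against.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S
)


def check_idp_certificate(pem_text):
    """Return (sha256_fingerprint_or_None, problems) for text about to be pasted."""
    problems = []
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("private key present; paste only the public certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(f"expected exactly 1 CERTIFICATE block, found {len(certs)}")
        return None, problems
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("certificate body is not valid base64")
        return None, problems
    if not der.startswith(b"\x30"):  # DER certificates start with an ASN.1 SEQUENCE tag
        problems.append("decoded body is not a DER SEQUENCE")
        return None, problems
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2)), problems


def to_pem(label, der):
    """Wrap raw bytes in a PEM block (used only to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{lines}\n-----END {label}-----\n"


# Constructed placeholder bytes, NOT a real certificate: a SEQUENCE tag plus padding.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = to_pem("CERTIFICATE", SAMPLE_DER)

if __name__ == "__main__":
    print(check_idp_certificate(SAMPLE_PEM))
    print(check_idp_certificate(SAMPLE_PEM + to_pem("PRIVATE KEY", b"\x30\x00")))
    print(check_idp_certificate("MIIB...no PEM armour..."))
```

The check is structural only: it does not validate the certificate's expiry date or signature.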