Configuring SAML and User Provisioning with OneLogin

The ScreenSteps/OneLogin integration allows you to:

  1. Authenticate users into ScreenSteps using OneLogin
  2. Provision users in ScreenSteps using OneLogin
  3. Automatically assign OneLogin users to different Groups in ScreenSteps

Before configuring user provisioning you will want to create the Groups you will want to use in ScreenSteps. Later on in this guide you will import those groups to OneLogin.

How do I create a Viewing Group?

1. Add the ScreenSteps App in OneLogin

1.1. Search for the ScreenSteps app

Be sure to select the app that says "SAML 2.0, provisioning".

1.2. Select Save

2. Configure SCIM User Provisioning

2.1. Enable Provisioning

  1. Go to the Provisioning tab in OneLogin
  2. Check Enable provisioning for ScreenSteps

2.2. Add SCIM URL and API (Bearer) Token to OneLogin

  1. Go to your ScreenSteps account
  2. Create an API token
  3. Copy the API token and the SCIM Base URL into OneLogin

Note: The API Token is called the SCIM Bearer Token in OneLogin.

2.3. Select Enable

You should see a green Enabled message (2).

2.4. Next Steps with User Provisioning

From this point you can use OneLogin rules to automatically add your OneLogin users to Viewing Groups in ScreenSteps. Contact OneLogin for help in setting up rules.

You can set the user role in ScreenSteps by using the screenstepsRole parameter in OneLogin.

3. Configure SAML Settings

3.1. Create a Single Sign-on Endpoint in ScreenSteps

Follow the instructions in the article How do I use Remote Authentication to access my sites or admin area? for setting up a Single Sign-on endpoint. When creating the endpoint select SAML as the mode.

3.2. Get SAML URL from OneLogin

  1. Make sure the mode is set to SAML
  2. Add the SAML 2.0 Endpoint URL from OneLogin as the Remote Login URL to ScreenSteps
  3. Use the SLO Endpoint URL from OneLogin as the Log out URL in ScreenSteps
  4. Select Update

3.3. Add the SAML Certificate

3.3.1. Download the Certificate from OneLogin

Select View Details

Select Download.

3.3.2. Upload the Certificate to ScreenSteps

  1. Select Upload new SAML Certificate file and upload the certificate you downloaded.
  2. Click Update.

3.4. Add the Consumer URL

3.4.1. Go Back to the OneLogin App Settings by Clicking the Arrow

3.4.2. Copy the SAML Consumer URL from ScreenSteps to OneLogin

3.4.3. Select Save

4. Test SAML

4.1. Copy your Test URL and select Update

Copy your Test URL and select Update

4.2. Test

Open a new browser and enter the test url to ensure that everything is working correctly.

5. Activate endpoint

Once you have finished testing your endpoint click the Activate checkbox.

0 Comments

Add your comment

E-Mail me when someone replies to this comment