Configuring SAML and User Provisioning with OneLogin
The ScreenSteps/OneLogin integration allows you to:
- Authenticate users into ScreenSteps using OneLogin
- Provision users in ScreenSteps using OneLogin
- Automatically assign OneLogin users to different Groups in ScreenSteps
Before configuring user provisioning, create the Groups you want to use in ScreenSteps. Later in this guide you will import those groups into OneLogin.
2.1. Enable Provisioning
- Go to the Provisioning tab in OneLogin
- Check Enable provisioning for ScreenSteps
2.2. Add SCIM URL and API (Bearer) Token to OneLogin
- Go to your ScreenSteps account
- Create an API token
- Copy the API token and the SCIM Base URL into OneLogin
Note: The API Token is called the SCIM Bearer Token in OneLogin.
2.3. Select Enable
You should see a green Enabled message.
2.4. Next Steps with User Provisioning
From this point you can use OneLogin rules to automatically add your OneLogin users to Viewing Groups in ScreenSteps. Contact OneLogin for help in setting up rules.
3.1. Create a Single Sign-on Endpoint in ScreenSteps
- Select Account Settings
- Select Single Sign-on
- Select Create Single Sign-on Endpoint
3.2. Get SAML URL from OneLogin
- Enter OneLogin for the title
- Make sure the mode is set to SAML
- Add the SAML 2.0 Endpoint URL from OneLogin as the Remote Login URL to ScreenSteps
- Use the SLO Endpoint URL from OneLogin as the Log out URL in ScreenSteps
- Select Create
3.3. Add the SAML Certificate
3.3.1. Download the Certificate from OneLogin
Select View Details
3.3.2. Upload the Certificate to ScreenSteps
Select Upload new SAML Certificate file and upload the certificate you downloaded.
3.4. Add the Consumer URL
3.4.1. Go Back to the OneLogin App Settings by Clicking the Arrow
3.4.2. Copy the SAML Consumer URL from ScreenSteps to OneLogin
3.4.3. Select Save
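A pre-flight check for the values exchanged in section 3, added here as an example (it is not ScreenSteps or OneLogin code): it confirms that the three URLs are absolute https URLs and that the downloaded certificate file holds exactly one certificate whose SHA-256 fingerprint matches a reference value. The field names, the example.com URLs and the five-byte stand-in certificate are constructed, and having a reference fingerprint from the identity provider to compare against is an assumption.

```python
import base64
import hashlib
from urllib.parse import urlsplit

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

# Constructed stand-ins: 5 DER bytes (not a real certificate) and example.com URLs.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = f"{BEGIN}\n{base64.b64encode(SAMPLE_DER).decode()}\n{END}\n"
SAMPLE_CFG = {  # hypothetical field names for the three URLs in section 3
    "remote_login_url": "https://idp.example.com/saml2/http-post/sso/1",
    "logout_url": "https://idp.example.com/saml2/http-redirect/slo/1",
    "consumer_url": "https://docs.example.com/saml/consume",
}


def cert_fingerprint(pem_text):
    """SHA-256 fingerprint (lowercase hex) of the single certificate in a PEM file."""
    if pem_text.count(BEGIN) != 1 or pem_text.count(END) != 1:
        raise ValueError("expected exactly one PEM certificate block")
    body = pem_text.split(BEGIN, 1)[1].split(END, 1)[0]
    der = base64.b64decode("".join(body.split()), validate=True)
    if not der or der[0] != 0x30:  # an X.509 certificate is a DER SEQUENCE
        raise ValueError("content is not DER-encoded")
    return hashlib.sha256(der).hexdigest()


def check_endpoint(cfg, pem_text, expected_fp):
    """Return a list of problems; an empty list means the values look sane."""
    problems = []
    for field in ("remote_login_url", "logout_url", "consumer_url"):
        parts = urlsplit(cfg.get(field, ""))
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{field}: not an absolute https URL")
    try:
        actual = cert_fingerprint(pem_text)
    except ValueError as exc:  # includes base64 decoding errors
        problems.append(f"certificate: {exc}")
    else:
        # Accept 'AA:BB:..' or plain hex, in either case.
        if actual != expected_fp.replace(":", "").replace(" ", "").lower():
            problems.append("certificate: fingerprint mismatch")
    return problems


if __name__ == "__main__":
    expected = hashlib.sha256(SAMPLE_DER).hexdigest()
    print(check_endpoint(SAMPLE_CFG, SAMPLE_PEM, expected) or "ok")
```

A fingerprint mismatch or a file containing more than one certificate block is worth resolving before the certificate is uploaded in step 3.3.2, since that certificate is what SAML responses are verified against.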
4.1. Copy your Test URL and select Update
Open a new browser and enter the test URL to ensure that everything is working correctly.
Once you have finished testing, return to the single sign-on endpoint and either 1) add sites or 2) make everyone log in through OneLogin.