Configuring SAML and User Provisioning with OneLogin

The ScreenSteps/OneLogin integration allows you to:

  1. Authenticate users into ScreenSteps using OneLogin
  2. Provision users in ScreenSteps using OneLogin
  3. Automatically assign OneLogin users to different Groups in ScreenSteps

Before configuring user provisioning you will want to create the Groups you will want to use in ScreenSteps. Later on in this guide you will import those groups to OneLogin.

How do I create a Viewing Group?

1. Add the ScreenSteps App in OneLogin

1.1. Search for the ScreenSteps app

Be sure to select the app that says "SAML 2.0, provisioning".

1.2. Select Save

2. Configure SCIM User Provisioning

2.1. Enable Provisioning

  1. Go to the Provisioning tab in OneLogin
  2. Check Enable provisioning for ScreenSteps

2.2. Add SCIM URL and API (Bearer) Token to OneLogin

  1. Go to your ScreenSteps account
  2. Create an API token
  3. Copy the API token and the SCIM Base URL into OneLogin

Note: The API Token is called the SCIM Bearer Token in OneLogin.

2.3. Select Enable

You should see a green Enabled message (2).

2.4. Next Steps with User Provisioning

From this point you can use OneLogin rules to automatically add your OneLogin users to Viewing Groups in ScreenSteps. Contact OneLogin for help in setting up rules.

3. Configure SAML Settings

3.1. Create a Single Sign-on Endpoint in ScreenSteps

  1. Select Account Settings
  2. Select Single Sign-on
  3. Select Create Single Sign-on Endpoint

3.2. Get SAML URL from OneLogin

  1. Enter OneLogin for the title
  2. Make sure the mode is set to SAML
  3. Add the SAML 2.0 Endpoint URL from OneLogin as the Remote Login URL to ScreenSteps
  4. Use the SLO Endpoint URL from OneLogin as the Log out URL in ScreenSteps
  5. Select Create

3.3. Add the SAML Certificate

3.3.1. Download the Certificate from OneLogin

Select View Details

Select Download.

3.3.2. Upload the Certificate to ScreenSteps

Select Upload new SAML Certificate file and upload the certificate you downloaded.

Select Update

3.4. Add the Consumer URL

3.4.1. Go Back to the OneLogin App Settings by Clicking the Arrow

3.4.2. Copy the SAML Consumer URL from ScreenSteps to OneLogin

3.4.3. Select Save

4. Test SAML

4.1. Copy your Test URL and select Update

Copy your Test URL and select Update

4.2. Test

Open a new browser and enter the test url to ensure that everything is working correctly.

5. Specify which sites will use OneLogin

Once you have finished testing return to the single sign-on endpoint and either 1) add sites or 2) make everyone log in through OneLogin.


Add your comment

E-Mail me when someone replies to this comment