OneLogin - Configuring Single Sign-On Authentication

Learn how to configure Single Sign-On using SAML protocol in OneLogin to authenticate users to your Staffbase platform.

Employee App
Staffbase Intranet
Staffbase Email

In this article, you will learn how to set up SSO using the SAML protocol in OneLogin. SSO is an authentication method that allows users to access multiple applications with a single account. This will allow you to onboard your users using SSO and let them access the Staffbase platform using the same credentials they use to access other platforms in your organization.

SSO is optional for user management. You can choose an option based on your business requirements. Learn more about other options.

  • You have access to the OneLogin Administration.
  • You have super user privilege in OneLogin.
    Learn more.

All required configuration details for setting up SSO, such as Entity ID, Reply URL (ACS), and more, are available directly in the Staffbase Studio.
Learn more about the SSO configuration details.

You need to create an App in OneLogin to set up SSO.

Staffbase recommends creating a dedicated application to maintain users for your Staffbase platform.

  1. In OneLogin, go to Administration.
  2. Click Applications > Applications.
  3. Click Add App.
  4. Search for SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML) and select the app.
  5. Provide a display name for the application. For example, Staffbase SSO or something similar to help you instantly identify the application. Click Save.
  6. Under Configuration, enter the values you copied from the Staffbase Studio SSO settings, and click Save.
     • SAML Audience URL
     • Recipient
     • ACS (Consumer) URL Validator
     • ACS (Consumer) URL
     • Login URL
     • SAML initiator: Select Service Provider
     • SAML nameID format: Select Unspecified
     • SAML signature element: Select Assertion
  7. Under Parameters, provide the following details:
     • SAML NameID (Subject): Change the value to OneLogin ID

The SAML NameID (Subject) and the identifier in your Staffbase platform must match for each user using SSO.

If you want to use a different identifier value than the one already in place for your users in the Staffbase platform, you must first update the user identifiers in your Staffbase platform. In such a case, ensure that you also use these new identifiers for all future user management.

  8. Click the + sign and add the following fields:
     • Field name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
       • Include in SAML assertion: Enable the option, then click Save.
       • Value: First Name, then click Save.
     • Field name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
       • Include in SAML assertion: Enable the option, then click Save.
       • Value: Last Name, then click Save.
     • Field name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
       • Include in SAML assertion: Enable the option, then click Save.
       • Value: Email, then click Save.
  9. Click Save.

After creating the app, you can decide which OneLogin users need access to the Staffbase platform using SSO.

Staffbase recommends adding a few users initially to test that everything works as expected.

  1. In the app you created, click Access.
  2. Select the roles you want to add and click Save.
    You have assigned roles to the app integration.

Once you complete the setup in both OneLogin and Staffbase Studio, you can test SSO directly—no need to wait for Staffbase Support.
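One way to check a test login against the settings configured above, as an added example that is not part of the Staffbase or OneLogin documentation: the hypothetical helper `check_response` inspects a base64-decoded SAML response for a signed assertion, an unspecified-format NameID, the expected Audience and Recipient, and the three attribute claims. `AUDIENCE` and `ACS_URL` are placeholders for the values shown in Staffbase Studio, and `SAMPLE` is a constructed message.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {CLAIMS + n for n in ("givenname", "surname", "emailaddress")}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Placeholders (assumption): use the values copied from Staffbase Studio.
AUDIENCE = "https://sp.example.invalid/audience"
ACS_URL = "https://sp.example.invalid/acs"

def check_response(xml_text, audience=AUDIENCE, acs_url=ACS_URL):
    """List mismatches between a decoded SAML response and the settings above.
    Structure only: the signature is not verified cryptographically."""
    a = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if a is None:
        return ["no plaintext Assertion found"]
    problems = []
    if a.find("ds:Signature", NS) is None:  # signature element: Assertion
        problems.append("Assertion is not signed")
    nid = a.find("saml:Subject/saml:NameID", NS)
    if nid is None or not (nid.text or "").strip():
        problems.append("NameID missing or empty")
    elif nid.get("Format", UNSPECIFIED) != UNSPECIFIED:
        problems.append("NameID format is not unspecified")
    if audience not in {e.text for e in a.iterfind(".//saml:Audience", NS)}:
        problems.append("Audience mismatch")
    data = a.iterfind(".//saml:SubjectConfirmationData", NS)
    if acs_url not in {e.get("Recipient") for e in data}:
        problems.append("Recipient mismatch")
    names = {e.get("Name") for e in a.iterfind(".//saml:Attribute", NS)}
    problems += ["missing claim " + c[len(CLAIMS):] for c in sorted(REQUIRED - names)]
    return problems

# Constructed sample, not a captured message; the signature body is omitted.
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"><saml:Assertion><ds:Signature/>
 <saml:Subject><saml:NameID Format="{UNSPECIFIED}">1234567</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{CLAIMS}givenname"/>
  <saml:Attribute Name="{CLAIMS}surname"/><saml:Attribute Name="{CLAIMS}emailaddress"/>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE) or "assertion matches the configured settings")
```

An empty list means the response structure matches the configuration; signature validation itself remains the service provider's job.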

After testing that the SSO authentication works as expected, you can add all users and/or groups in OneLogin to the app.

You have configured and enabled SSO for your Staffbase platform.