Learn how to configure Single Sign-On using the SAML protocol in OneLogin to authenticate users to your Staffbase platform.
In this article, you will learn how to set up
SSO is optional for user management. You can choose an option based on your business requirements. Learn more about other options.
To create an app integration in OneLogin, you need to receive the following from Staffbase Support:
You need to create an App in OneLogin to set up SSO.
Staffbase recommends creating a dedicated application to maintain users for your Staffbase platform.
^https:\/\/myapp\.mydomain\.com\/auth\/saml\/.{0,}$
OneLogin ID
The SAML NameID (Subject) and the identifier in your Staffbase platform must match for each user using SSO.
If you want to use a different identifier value than the one already in place for your users in the Staffbase platform, you must first update the user identifiers in your Staffbase platform. In such a case, ensure that you also use these new identifiers for all future user management.
Field name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
->
Field name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
->
Field name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
->
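The following is an added example, not part of the Staffbase or OneLogin documentation: a small Python check to run against a decoded test assertion, confirming that it carries exactly one NameID equal to the user's Staffbase identifier and the three claim names listed above. The sample assertion, the identifier and the function name `check_assertion` are constructed for illustration, exact string comparison of identifiers is an assumption, and the script inspects content only and does not verify the SAML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + "givenname", CLAIMS + "surname", CLAIMS + "emailaddress"]

def _attr(name, value):
    return (f'<saml:Attribute Name="{CLAIMS}{name}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>")

# Constructed sample (not from a real tenant); signature elements left out.
SAMPLE = (
    f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
    "<saml:Subject><saml:NameID>ada.lovelace@example.com</saml:NameID></saml:Subject>"
    "<saml:AttributeStatement>"
    + _attr("givenname", "Ada") + _attr("surname", "Lovelace")
    + _attr("emailaddress", "ada.lovelace@example.com")
    + "</saml:AttributeStatement></saml:Assertion>"
)

def check_assertion(xml_text, expected_identifier):
    """Return a list of problems; an empty list means nothing was found."""
    root = ET.fromstring(xml_text)
    problems = []
    name_ids = root.findall(".//saml:Subject/saml:NameID", NS)
    if len(name_ids) != 1:
        problems.append(f"expected exactly one NameID, found {len(name_ids)}")
    else:
        value = name_ids[0].text or ""
        if value != expected_identifier:
            # Assumption: identifiers are compared exactly, so flag near-misses.
            near = value.strip().lower() == expected_identifier.strip().lower()
            hint = " (differs only by case/whitespace)" if near else ""
            problems.append(f"NameID {value!r} != identifier {expected_identifier!r}{hint}")
    present = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip() for v in attr.findall("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        present.setdefault(attr.get("Name"), []).extend(values)
    for name in REQUIRED:
        if not present.get(name):
            problems.append(f"missing or empty attribute {name}")
    return problems

if __name__ == "__main__":
    for line in check_assertion(SAMPLE, "ada.lovelace@example.com") or ["OK"]:
        print(line)
```

Only feed it assertions from your own test logins, and treat its output as a configuration check rather than as validation of the response.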
Provide Staffbase with the SAML Metadata for the app you created. Under SSO, copy the Issuer URL.
After creating the app, you can decide which OneLogin users need access to the Staffbase platform using SSO.
Staffbase recommends adding a few users initially to test that everything works as expected.
After you have provided Staffbase Support with the metadata, you will be informed when SSO has been added to your Staffbase instance and is ready for testing.
After testing that SSO authentication works as expected, you can add all users and/or groups in OneLogin to the app.
You have configured and enabled SSO for your Staffbase platform.