OneLogin
Prerequisites
-
Administrator access to the Harmony SASE Administrator Portal.
-
Administrator account with the Identity Provider Management Portal.
High-Level Procedure
Step 1 - Configure the OneLogin Management Portal
-
Log in to OneLogin Management Portal.
-
Go to Select Apps > Add Apps.
-
From the Applications, click SAML Test Connector (IdP w/attr).
-
Change the Display Name to Harmony SASE and click Save.
-
Go to the SSO tab, and copy these values:
-
SAML 2.0 Endpoint (HTTP) - You need to use this value in the Sign In URL field while configuring Harmony SASE Administrator Portal.
-
SLO Endpoint (HTTP).
-
-
To download the X.509 certificate, click View Details and then click Download.
-
Go to the Configuration tab and enter these values:
-
Audience:
urn:auth0:perimeter81:{{WORKSPACE}}-oc
where{{WORKSPACE}}
refers to your Harmony SASE workspace name. -
Recipient:
https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
where{{WORKSPACE}}
refers to your Harmony SASE workspace name. -
ACS (Consumer) URL:
https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
where{{WORKSPACE}}
refers to your Harmony SASE workspace name. -
ACS (Consumer) URL Validator:
https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc
where{{WORKSPACE}}
refers to your Harmony SASE workspace name.
-
-
Go the Parameters tab and click Add Parameter.
-
In the pop-up that appears, using the Field name field, enter a name for the custom attribute.
-
Select the Include in the SAML assertion checkbox and click Save.
The system shows the new attribute you created with the Value: No default.
-
Change the No default value to Macro.
-
Add these properties to the Macro:
Field Name
Macro Text Box Value SAML Assertion Flag
email
{email}
Checked
given_name
{firstname}
Checked
family_name
{lastname}
Checked
-
Click Save.
Step 2 - Configure the Harmony SASE Administrator Portal
-
Log in to the Harmony SASE Administrator Portal with a administrator account.
-
Go to Settings > Identity Providers.
-
Click Add Provider.
The Add identity provider pop-up appears.
-
Select SAML 2.0 Identity Providers and click Continue.
-
In the Sign in URL field, enter the Identity Provider Sign-in URL from your SAML Identity Provider.
Identity Provider
Sign in URL
Generic SAML
Identity Provider Sign in URL
Active Directory Federation Services (AD FS)
https://{{Your ADFS Domain}}/adfs/ls
Auth0
Auth0 login URL
OneLogin
SAML 2.0 Endpoint (HTTP) value
PingOne
https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid={{idpid}}
PingFederate
https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2
Rippling
Rippling IdP Sign-in URL.
JumpCloud
JumpCloud IDP URL
Okta
Okta Sign on URL
Google Applications
SSO URL
-
In the Domain Aliases field, enter the business domain names separated by commas or space.
-
In the X509 Signing Certificate field, enter the X.509 signing certificate for the application from the SAML Identity Provider.
If you have the signing certificate as PEM/CERT file, click Upload PEM/CERT File and select the file.
-
Click Done.
|
Note - After the first successful authentication of a member with SAML, Harmony SASE does this:
|