OneLogin

Prerequisites

  • Administrator access to the Harmony SASE Administrator Portal.

  • Administrator account with the Identity Provider Management Portal.

High-Level Procedure

Step 1 - Configure the OneLogin Management Portal

  1. Log in to OneLogin Management Portal.

  2. Go to Select Apps > Add Apps.

  3. From the Applications, click SAML Test Connector (IdP w/attr).

  4. Change the Display Name to Harmony SASE and click Save.

  5. Go to the SSO tab, and copy these values:

    • SAML 2.0 Endpoint (HTTP) - You need to use this value in the Sign In URL field while configuring Harmony SASE Administrator Portal.

    • SLO Endpoint (HTTP).

  6. To download the X.509 certificate, click View Details and then click Download.

  7. Go to the Configuration tab and enter these values:

    • Audience: urn:auth0:perimeter81:{{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    • Recipient: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    • ACS (Consumer) URL: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    • ACS (Consumer) URL Validator: https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

  8. Go the Parameters tab and click Add Parameter.

  9. In the pop-up that appears, using the Field name field, enter a name for the custom attribute.

  10. Select the Include in the SAML assertion checkbox and click Save.

    The system shows the new attribute you created with the Value: No default.

  11. Change the No default value to Macro.

  12. Add these properties to the Macro:

    Field Name

    		 Macro Text Box Value

    SAML Assertion Flag

    email

    {email}

    Checked

    given_name

    {firstname}

    Checked

    family_name

    {lastname}

    Checked

  13. Click Save.

Step 2 - Configure the Harmony SASE Administrator Portal

  1. Log in to the Harmony SASE Administrator Portal with a administrator account.

  2. Go to Settings > Identity Providers.

  3. Click Add Provider.

    The Add identity provider pop-up appears.

  4. Select SAML 2.0 Identity Providers and click Continue.

  5. In the Sign in URL field, enter the Identity Provider Sign-in URL from your SAML Identity Provider.

    Identity Provider

    Sign in URL

    Generic SAML

    Identity Provider Sign in URL

    Active Directory Federation Services (AD FS)

    https://{{Your ADFS Domain}}/adfs/ls

    Auth0

    Auth0 login URL

    OneLogin

    SAML 2.0 Endpoint (HTTP) value

    PingOne

    https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid={{idpid}}

    PingFederate

    https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2

    Rippling

    Rippling IdP Sign-in URL.

    JumpCloud

    JumpCloud IDP URL

    Okta

    Okta Sign on URL

    Google Applications

    SSO URL

  6. In the Domain Aliases field, enter the business domain names separated by commas or space.

  7. In the X509 Signing Certificate field, enter the X.509 signing certificate for the application from the SAML Identity Provider.

    If you have the signing certificate as PEM/CERT file, click Upload PEM/CERT File and select the file.

  8. Click Done.

Note - After the first successful authentication of a member with SAML, Harmony SASE does this:

  • Assigns the member with the appropriate role.

  • Adds the member to the groups related to Identity Provider.

  • Applies the relevant configuration profiles to the member.