In this article you will find the necessary steps to configure a connection between OneLogin and Mosaic's authentication platform to establish a Single-Sign-On experience for your enterprise users using Mosaic.
If at any time there are questions or issues with the connection, please reach out to support@mosaic.pe for assistance.
OneLogin Configuration
- On the OneLogin Administration page, hover on Apps, and then choose Add apps.
- In the search bar under Find Applications, enter saml, and then choose SAML Test Connector (IdP). The Add SAML Test Connector (IdP) page opens.
- For Display Name, enter Mosaic
- For Icons, upload thumbnail icons following the specifications on the page using this logo.
- Choose Save.
- On the OneLogin portal page, choose Configuration.
- On the Configuration page, complete the following steps:
  - For RelayState, enter https://app.mosaic.pe
  - For Audience, enter urn:amazon:cognito:sp:us-east-1_snwpaAR4h
  - For Recipient, enter https://auth.mosaic.pe/saml2/idpresponse
  - For ACS (Consumer) URL Validator, enter https://auth.mosaic.pe/saml2/idpresponse
  - For ACS (Consumer) URL, enter https://auth.mosaic.pe/saml2/idpresponse
  - For Single Logout URL, leave the field blank.
- On the OneLogin portal page, choose Parameters.
- To create a new, custom parameter, choose Add parameter.
- Add the following parameters. For Flags, select the Include in SAML assertion check box:
  - Field Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    Value: Email
  - Field Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    Value: First Name
  - Field Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    Value: Last Name
- Choose Save.
- On the OneLogin portal page, choose SSO.
- Under Issuer URL, copy the URL.
Note: If you are utilizing the directory listing, you will need to create a separate bookmark link to https://app.mosaic.pe/login/<your primary domain> and hide the authorization entry from the directory. Otherwise, users attempting to log in via the directory listing may receive an "Invalid samlResponse or relayState from identity provider" error.
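A troubleshooting check for the values entered above, as an added example that is not part of the original article or of Mosaic's or OneLogin's tooling: it decodes a base64 SAMLResponse from a test login against your own OneLogin instance and reports any mismatch in Audience, Recipient or the three claim attributes. The function names and the sample response are constructed for illustration, and the script does not verify the assertion's signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
EXPECTED_AUDIENCE = "urn:amazon:cognito:sp:us-east-1_snwpaAR4h"
EXPECTED_ACS = "https://auth.mosaic.pe/saml2/idpresponse"
REQUIRED_ATTRS = [CLAIMS + n for n in ("emailaddress", "givenname", "surname")]

def check_saml_response(b64_response):
    """Return a list of mismatches against the configuration in this article.
    No signature verification: use only on output from your own IdP."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"Audience is {audiences}, expected {EXPECTED_AUDIENCE}")
    recipients = [e.get("Recipient")
                  for e in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if EXPECTED_ACS not in recipients:
        problems.append(f"Recipient is {recipients}, expected {EXPECTED_ACS}")
    # Map each attribute name to its values; an empty value counts as missing.
    present = {e.get("Name"): [v.text for v in e.iterfind("a:AttributeValue", NS)]
               for e in root.iterfind(".//a:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not any(present.get(name, [])):
            problems.append(f"missing or empty attribute {name}")
    return problems

def build_sample(audience, recipient, attrs):
    """Constructed, unsigned sample response used only to exercise the check."""
    attr_xml = "".join(
        f'<a:Attribute Name="{n}"><a:AttributeValue>{v}</a:AttributeValue></a:Attribute>'
        for n, v in attrs.items())
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}"><a:Assertion>'
           f'<a:Subject><a:SubjectConfirmation>'
           f'<a:SubjectConfirmationData Recipient="{recipient}"/>'
           f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
           f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'<a:AttributeStatement>{attr_xml}</a:AttributeStatement>'
           f'</a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    # Constructed case: wrong Audience and no surname parameter configured.
    sample = build_sample("urn:example:wrong", EXPECTED_ACS,
                          {REQUIRED_ATTRS[0]: "user@yourdomain.com",
                           REQUIRED_ATTRS[1]: "Ana"})
    for problem in check_saml_response(sample):
        print(problem)
```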
Mosaic Configuration
Once you have completed the steps above, please email support@mosaic.pe with the Issuer URL from Step 14, as well as a list of all possible domains that might be authenticating via your OneLogin instance. For example: yourdomain.com, yourdomain.net, etc.