SAML Authentication

Single Sign-On (SSO) with SAML provides a streamlined login process by using centralized identity provider (IdP) credentials. Here's a step-by-step guide to configuring SAML integration for Alloy using ONE LOGIN as the IdP.

Overview:

Using Single Sign-On (SSO) with SAML, Alloy offers a seamless login experience through centralized identity provider (IdP) credentials. This guide walks you through the SAML integration for Alloy with ONE LOGIN as the IdP.

Prerequisites:

  1. You need an active account on https://www.onelogin.com/.
  2. Ensure you have a team created on Alloy.

Configuration Steps:

  1. Setting up on ONE LOGIN:
    Start by visiting ONE LOGIN and logging in. Once in, navigate to Applications > Application and click “Add App”. Search for “SAML Test” and select “SAML Test Connector (idP)”, naming the application as per your preference.
  2. Configuring SAML on Alloy:
    In a separate browser tab, access Alloy. After logging in, head over to Settings > Teams. From the left panel, select Security and then Enable SSO.

    You'll be prompted for your Alloy account password. After providing it, copy the “Alloy SSO URL”.
  3. Linking ONE LOGIN and Alloy:
    • Switch back to ONE LOGIN and select Configuration from the left panel. Here, paste the “Alloy SSO URL” into both the “ACS (Consumer) URL Validator” and “ACS (Consumer) URL*” fields. The “Audience” should be set to “https://app.runalloy.com”.
    • Next, in the SSO section of ONE LOGIN, copy the issuer URL and paste it in the Alloy modal under “IdP Issuer”. Then copy the “SAML 2.0 Endpoint” and paste it in the Alloy modal under “IdP SSO”, ensuring the “SAML Signature Algorithm” is set to SHA-256.
    • Under “X.509 Certificate”, set the SHA fingerprint to SHA256 and copy the X.509 certificate value.
    • Paste this value into Alloy's “IdP Certificate” field. Once all details are filled in, click Proceed on Alloy.
  4. Finalizing the Setup:
    After the configuration, Alloy will display an SSO URL and Team ID. Save both. To use SSO for logging in, you can either use the direct SSO URL or go to Alloy's login page, click “Login with SSO”, and input the “Team ID”.
  5. Post-login Experience:
    Upon initiating an SSO login, you'll be redirected to ONE LOGIN for authentication. Once verified, you'll gain access to your Alloy account, provided your user is recognized.
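
When an SSO login fails after setup, comparing a decoded SAML response against the values entered in step 3 shows which field was mis-pasted. The script below is an added example, not Alloy's or ONE LOGIN's code; it compares fields only and does not verify the XML signature. The ACS URL, issuer and certificate bytes are constructed placeholders, and `check_response` and `sample_response` are hypothetical helper names.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # use defusedxml for XML you did not produce yourself

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def cert_sha256(b64_cert):
    """SHA-256 fingerprint (lowercase hex) of the DER bytes in a base64 certificate body."""
    return hashlib.sha256(base64.b64decode("".join(b64_cert.split()))).hexdigest()

def check_response(xml_text, acs_url, audience, idp_issuer, idp_cert_fp):
    """List the fields of a decoded SAML response that disagree with the configured values."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination differs from the ACS (Consumer) URL")
    if root.findtext("a:Assertion/a:Issuer", namespaces=NS) != idp_issuer:
        problems.append("assertion Issuer differs from IdP Issuer")
    audiences = [e.text for e in root.iterfind(".//a:AudienceRestriction/a:Audience", NS)]
    if audience not in audiences:
        problems.append("configured Audience is not in the AudienceRestriction")
    methods = [e.get("Algorithm") for e in root.iterfind(".//ds:SignatureMethod", NS)]
    if not methods or any(m != RSA_SHA256 for m in methods):
        problems.append("signature algorithm is not RSA-SHA256")
    certs = [cert_sha256(e.text) for e in root.iterfind(".//ds:X509Certificate", NS)]
    if not certs or any(fp != idp_cert_fp.replace(":", "").lower() for fp in certs):
        problems.append("embedded certificate differs from IdP Certificate")
    return problems

# Constructed sample values: placeholders, not real Alloy or ONE LOGIN data.
ACS_URL = "https://alloy-sso-url.example/acs"       # stands in for the "Alloy SSO URL"
IDP_ISSUER = "https://idp.example/saml/metadata/0000"
AUDIENCE = "https://app.runalloy.com"               # value given in the guide
CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()

def sample_response(sig_alg=RSA_SHA256, audience=AUDIENCE):
    return f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}"
 Destination="{ACS_URL}"><a:Issuer>{IDP_ISSUER}</a:Issuer><a:Assertion>
 <a:Issuer>{IDP_ISSUER}</a:Issuer><ds:Signature><ds:SignedInfo>
 <ds:SignatureMethod Algorithm="{sig_alg}"/></ds:SignedInfo><ds:KeyInfo><ds:X509Data>
 <ds:X509Certificate>{CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
 </ds:Signature><a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>
 </a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_response(sample_response(), ACS_URL, AUDIENCE, IDP_ISSUER, cert_sha256(CERT_B64)))
```

An empty list means every compared field matches; the fingerprint argument may be given with or without colons, in either case.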