Onelogin allows you to provide secure identity management and single sign-on to any application, whether in the cloud, on-premises or on a mobile device for your employees, partners and customers with Onelogin.
With Sapling’s integration with Onelogin, you can:
This guide provides a walkthrough on how Sapling Admins can enable the Onelogin integration and is split into two sections:
Setting up Onelogin for Auth Services Only (steps #1 - #3) and setting up Onelogin for Auth + Provisioning Services (step #4).
Login to Onelogin and go to the "Apps" tab. Then select "Add App."
Search for "Sapling" and click "Add."
Confirm the display name and icon for the Sapling app. Then be sure to select the "SAML2.0" connector. Then click "Save" in the top right corner.
Once you have successfully added the Sapling app, you will need to specify other details before the integration is complete. Go to the "Configuration" tab and enter your Sapling subdomain.*
The Subdomain is the first part of your Sapling URL. So, if my login URL is "https://mycompany.Sapling.com", then my subdomain would simply be "mycompany."
Once you fill in your Subdomain, click "Save."
Next, select the "Parameters" tab and ensure that the credentials are configured by the admin and that the mappings are as follows:
Navigate to the "SSO" tab and copy the following information for insertion into Sapling:
In a separate window, login to Sapling. Navigate to Admin>Integrations and click on "SAML".
Enter the SAML information into Sapling by pasting the SSO Login URL (SAML 2.0 Endpoint (HTTP)) and the x.509 Certificate information from OneLogin.
Sapling can also provision the new hires Onelogin account.
The workflow with this is:
The new hire account is set-up by Sapling with the following attributes:
To set-up provisioning, you will need to enter the following fields into Sapling and enable provisioning.
This information is available in Onelogin under the API Credentials.
Create a new API Key with the any name (i.e. Sapling HR) and provide access to Manage Users.
You will then be granted the Client Secret and Client ID to be added to Sapling.
Lastly, Sapling can also keep employee data in Onelogin with sending data changes in Sapling to Onelogin.
The attributes that can be kept in Sync between Sapling + Onelogin are:
Several customers of Sapling build custom rules in Onelogin based on Departments or Job Titles to grant access to relevant application - only the apps that are pertinent to a specific role. For example, if an employee moved from sales to marketing, the update in Sapling would notify Onelogin that would then update the relevant applications.