Articles in this section

See more

Setting up Single Sign-on (SSO) with Onelogin

Avatar
Emilee S.
Updated
Follow

Purpose: 

The purpose of this article is to provide direction to Outreach Admins in setting up SSO with One Login. 

Outreach is compatible with Single Sign On (SSO) applications like Okta, Salesforce, and Onelogin. This article is specific to connecting Onelogin and Outreach, but if you would like to connecting other SSO applications, you can follow the hyperlinks below:

Requirements

In order to setup Onelogin with Outreach, the following are required:

  • Admin privileges in Outreach
  • Admin privileges in Onelogin

If you are unsure of who your Onelogin admin is, we recommend contacting your IT team.

Setting up Single Sign-On with Onelogin

Step 1: Create an application in Onelogin

1.1 Create a new application by clicking “Add Apps”

Image_2019-06-07_at_1.23.19_PM.png

1.2 Search for “SAML Test Connector (IdP)” and select this option

Image_2019-06-07_at_1.31.19_PM.png

1.3 Name the SAML Test Connector (IdP) and click “Save”

Image_2019-06-07_at_1.34.17_PM.png

1.4 Go to the “SSO” tab of your newly created app, and note three pieces of information:

  • X.509 Certificate (please download it to your computer as it will be used in a later step)
  • Issuer URL
  • SAML 2.0 Endpoint (Sign in URL)

You can click on the ‘view details’ option above to view the X.509 Certificate and download the certificate as shown in the screenshot below:

Image_2019-06-07_at_1.36.48_PM.png

Step 2. Create the Identity Provider inside Outreach

2.1 As an Outreach admin, you will navigate to the Org’s “Setting” page by going to Settings >> Org, and click the link to “Sign On Options”

Image_2019-06-07_at_1.49.18_PM.png

2.2 If it is an org without SSO already setup, click “Add Identity Provider”

Image_2019-06-07_at_1.54.26_PM.png

2.3 Add the requested identity provider information. The information requested in this section is from step 1.3 above.

Image_2019-06-07_at_1.55.21_PM.png

NOTE: The above screenshot contains two advanced settings: "Use NameId Instead of Email" and "Enable just-in-time new user provision". We do NOT recommend checking these options unless the functions of each are understood and needed by your organization. You can read more on these advanced settings in Advanced Settings For Identity Provider (SSO).

2.4 Retrieve setup information from Outreach to put into Onelogin

Image_2019-06-07_at_3.53.26_PM.png

NOTE: This screenshot says “Okta”, but the screen will look similar for OneLogin.

Now find the “Setup Info” section. Copy the “ACS URL” and “Service Provider Entity ID”, we will update the Onelogin application with this information in step 3 below.

Image_2019-06-10_at_2.20.07_PM.png

NOTE: This screenshot says “Okta”, but the screen will look similar for OneLogin.

Step 3. Update OneLogin application

Return to the OneLogin application you created in step 1, click on the “Configuration” tab, and update the following application settings:

  • Audience: use the value for “Service Provider Entity ID” from step 2.3
  • Recipient: use the value for “(ACS) URL” from step 2.3
  • ACS (Consumer) URL Validator: https:\/\/outreach-prod.auth0.com\/
  • ACS (Consumer) URL: use the value for “(ACS) URL” from step 2.3

Image_2019-06-10_at_2.28.18_PM.png

Step 4. Enable SSO inside Outreach Accounts

4.1 Return to your Outreach account and click “Test” to see if the identity provider has been set up correctly.

Image_2019-06-10_at_2.36.15_PM.png

If successful, you should see a success page. Please examine the “User email” and make sure it matches with user login email inside Outreach.

Image_2017-08-09_at_9.05.43_AM.png

4.2 Click “Back”, check “Enable”, and click “Save”.

NOTE: This screenshot says “Okta”, but the screen will look similar for OneLogin.

Image_2019-06-10_at_2.39.35_PM.png

Congrats! SSO is now enabled!

Related articles