Objective
Set up SSO for Outreach with OneLogin IdP.
For guidance on configuring Outreach SSO with other providers, click here.
Applies To
- Outreach Admins
Procedure
Before You Begin
In order to setup OneLogin with Outreach, the following are required:
- Admin privileges in Outreach
- Admin privileges in OneLogin
If you are unsure of who your OneLogin admin is, we recommend contacting your IT team.
Part 1: Create an application in OneLogin
- Create a new application by clicking Add Apps.
- Search for and select SAML Test Connector (IdP).
- Name the SAML Test Connector (IdP) and click Save.
- Go to the SSO tab of your newly created app, and note three pieces of information:
- X.509 Certificate (See step 5)
- Issuer URL
-
SAML 2.0 Endpoint (Sign in URL)
- Click View Details to view the X.509 Certificate, then click Download. You will need this certificate at a later step.
Part 2: Create the Identity Provider inside Outreach
- In a new browser tab or window, access the Outreach platform as an Admin.
- From the left nav, click Administration > Organization > Org info.
- In the General tab, scroll down to Sign-in and password options, then click Edit.
- On the resulting screen, assuming your org does not already have SSO set up, click Add Identity Provider.
- Add the requested identity provider information, leveraging the information noted in Part 1 above, then click Save.
Note: We recommend NOT selecting the advanced options Use NameId Instead of Email and Enable just-in-time new user provision unless the functions of each are both understood and needed by your organization. Read more about these in Advanced Settings For Identity Provider (SSO). - On the resulting SSO Settings screen, to the right of the Identity Provider name, click Edit.
- On the Edit Identity Provider screen, scroll down to the Setup Info section and note or copy down the ACS URL and Service Provider Entity ID for use in the next part.
Part 3: Update OneLogin application
- Return to the OneLogin application you created in Part 1.
- Click the Configuration tab, then update the following application settings:
- Audience: Use the value for Service Provider Entity ID from Part 2, Step 3.
- Recipient: Use the value for (ACS) URL from Part 2, Step 3.
- ACS (Consumer) URL Validator: Copy and paste the following string: https:\/\/outreach-prod\.auth0\.com\/
- ACS (Consumer) URL: Use the value for (ACS) URL from Part 2, Step 3.
Part 4: Enable SSO inside Outreach Accounts
- Return to your Outreach account. You should still be on the Edit Identity Provider screen.
- At the bottom right, click Test.
- This will check to see if the identity provider has been set up correctly.
- If successful, you should see a Success! page.
- Below the success message, examine User email and confirm it matches with your user login email inside Outreach.
- Click the < Back link to return to the SSO Settings page.
- Check the box for Enable.
- Click Save.