Authenticate user access to applications with OneLogin

You can authenticate user access to applications with the OneLogin service.

Before you begin

You must have a OneLogin account. If you do not, see for more information.

How to

  1. Log in to you OneLogin portal.
    1. Click Apps > Add Apps
      OneLogin Add Apps option

    2. On the Find Applications page, search for SAML Test Connector (IDP w/ attr w/ sign response) and click on it.
      OneLogin Find Applications menu

    3. On the application page, click SAVE.
      Save the Add SAML Test Connector page

    4. A new page appears. Click the Configuration tab and fill in this information:
      Configuration tab fields to complete
      Field Value
      Relay State Leave it blank
      Recipient Leave it blank
      ACS (Consumer) URL Validator
      ACS (Consumer) URL
      Single Logout URL Leave it blank
      Note: In the above table, the YOUR-IDP-NAME is the name of your IdP. For example, if YOUR-IDP-NAME is oneloginidp, then the values for Audience, ACS (Consumer) URL Validator, and ACS (Consumer) URL are This is just an example. The actual values for the Audience, URL Validator, and the URL fields must match the values of the OneLogin instructions specified in your EAA admin portal.
    5. Click Parameters and select MemberOf from the Value field and click SAVE.
      Select Edit Field Member Of value

    6. Select @SAML Metadata from the MORE ACTIONS tab to download the metadata file to your computer. You will add this file to the EAA configuration.
      MORE ACTIONS tab

    7. Click SAVE and return to the EAA management portal.
  2. Log in to the EAA Management Portal if you have not already done so.
    1. From the top menu bar, select Identity > Directories.
    2. To add a new directory, click Add Directory. The Create New Directory window appears.
    3. Enter a name and description, and select OneLogin from the Directory Type menu. For more information about supported directory services, see Directories.
    4. Click Create Directory and Configure. The configuration page appears.
    5. Enter your company name in the URL field as it appears after the OneLogin host when you connect to OneLogin.
    6. In the Upload IDP Metadata File field, upload the OneLogin metadata file that was saved in Step 1f.

Next steps

At this point, your OneLogin directory is connected to the EAA Cloud. When securing an additional application with the Enterprise Application Access service, select this new directory as the AUTHENTICATION source while configuring the application. If an application is already associated with the your Microsoft Active Directory, you need to click on the CHANGE SERVICE button in the Authentication page to select your SAML provider as the authentication source.