Get started using the free trial

Log in to your OneLogin account as an administrator.

Click Administration on the toolbar to go to the Admin panel.

Go to Applications > Applications > Add Apps.

Type G Suite in the Search box.

On the Find Applications page, select G Suite: Form-based auth, SAML2.0, browser extension, provisioning.

You can change the Display Name.

In the Connectors section, make sure SAML2.0 - user provisioning is selected.

Click Save to display additional configuration tabs.

On the Configuration tab, enter your G Suite domain including the suffix (.com).

On the Configuration tab, authenticate to the G Suite API.

Note. Your G Suite APIs must be enabled in the G Suite admin console. See https://support.google.com/a/answer/60757.

1. On the Configuration tab, click Authenticate.
2. On the Complete Authentication Process dialog, click the G Suite link.
3. Click Accept on Google's Request for Permission page.

OneLogin returns you to your G Suite app setup page and displays a brief message that your authorization was successful.

(Optional) You can confirm that the authorization was successful by going to the Configuration tab and confirming that the Clear Token button appears in the API Connection section.

Click Save.

You must save your settings here to enable the verification part of the SAML setup.

On the SSO tab, configure your SAML settings automatically with OneLogin’s One Click SAML setup.

In this last step, you tell OneLogin to exchange certificates with G Suite and configure SAML automatically for you.

1. Turn on the Enable automatic SAML configuration toggle to open the One Click dialog.

   

    

2. Follow the prompts to complete the SAML configuration.

   If SAML configuration fails the dialog lets you know, so immediately click Retry. If retrying fails, make any modifications suggested by the error message or check your settings on the Configuration, Access, and Parameters tabs and try again.

   When SAML configuration succeeds, the dialog tells you it's done and prompts you to verify the configuration.

   

    

3. Verify that the SAML configuration has succeeded and that the OneLogin user can log into G Suite using OneLogin.

   If you are logged in as a user with a G Suite account, and you are already assigned to this app in OneLogin (as a member of a role that you added on the Access tab, for example), the dialog displays a Verify button on the Done page. Click Verify to launch G Suite in another browser tab. If it works, you're done.

   If you have not already assigned yourself access to this app, the Done page displays a Next button. Click it to display a verification page:

   

    

4. Open a new browser window or tab. Assign this app to a OneLogin user with a G Suite account, if you haven't already. Log in to OneLogin as the user and try to launch G Suite from App Home. If the app launches successfully, return to the One Click dialog and click Yes. I'm Done.

Log in to your OneLogin account as an administrator.

Click Administration on the toolbar to go to the Admin panel.

Go to Applications > Applications > Add Apps.

Type Salesforce in the Search box.

On the Find Applications page, select Salesforce: Form-based auth, SAML2.0, provisioning.

You can change the Display Name, and click Save.

In the Administer menu, go to Security Controls > Single Sign-On Settings.

Under Federated Single Sign-On Using SAML, select Edit, then the checkbox SAML Enabled, then Save.

Select New to create a Salesforce SSO profile.

On the SAML Single Sign-On Setting page, complete the form as follows:

Name: OneLogin
API Name: OneLogin
Issuer: Issuer URL copied from your app's SSO tab in OneLogin
Entity ID: https://saml.salesforce.com
Identity Provider Certificate: Click Choose File and upload the X.509 PEM file you downloaded from your app's SSO tab in OneLogin
Request Signing Certificate: Default Certificate
Request Signature Method: RSA-SHA1
Assertion Decryption Certificate: Assertion not encrypted
SAML Identity Type: Username
SAML Identity Location: Subject
Identity Provider Login URL: SAML Endpoint URL copied from your app's SSO tab in OneLogin
Identity Provider Logout URL: -blank-
Custom Error URL: -blank-
Service Provider Initiated Request Binding: HTTP POST

Click Save

Select the Configuration tab.

In the "Salesforce Login URL" field, enter your Salesforce login URL.

The URL will take the form of https://login.salesforce.com?so=. If you are unsure of your Salesforce Organization ID, go to Company Profile > Company Information within Salesforce to find it.

Click Save

Select the SSO tab.

Copy the SAML2.0 Endpoint (HTTP) URL.

Copy the Issuer URL.

Select View Details on the X.509 Certificate.

Select X.509 PEM as the certificate type.

Click Download to download the X.509 PEM certificate file.

In OneLogin, go to Users and select the account owner.

Select the Applications tab

Select the Salesforce app to open the Edit Salesforce Login pane.

Here you can overwrite the default fields for your Salesforce login and insert the correct information to match your OneLogin credentials with your Salesforce credentials.