Got the Free Trial? Follow these steps to add apps, add users, and evaluate OneLogin.
To add apps to your company app catalog, go to Applications > Applications > Add App and search for the app you want. Apps are automatically applied to the Default role so that any users added with that role will have access to the apps in the Company section of OneLogin.
To install apps now, select the app you want to add:
Important: When you enable SAML for G Suite, you enable SAML single sign-on (SSO) for all users within your organization. Therefore, we recommend that you first create a test domain to use when configuring SAML for G Suite before implementing in your live environment.
If you want to set up SAML for your production G Suite account, please contact OneLogin support.
This topic describes how to configure OneLogin to provide SSO for G Suite (formerly Google Apps) using SAML.
Log in to your OneLogin account as an administrator.
Click Administration on the toolbar to go to the Admin panel.
Go to Applications > Applications > Add App.
Type G Suite in the Search box.
On the Find Applications page, select G Suite: Form-based auth, SAML2.0, browser extension, provisioning.
You can change the Display Name.
In the Connectors section, make sure SAML2.0 - user provisioning is selected.
Click Save to display additional configuration tabs.
On the Configuration tab, enter your G Suite domain including the suffix (.com).
On the Configuration tab, authenticate to the G Suite API.
Note. Your G Suite APIs must be enabled in the G Suite admin console. See https://support.google.com/a/answer/60757.
OneLogin returns you to your G Suite app setup page and displays a brief message that your authorization was successful.
(Optional) You can confirm that the authorization was successful by going to the Configuration tab and confirming that the Clear Token button appears in the API Connection section.
You must save your settings here to enable the verification part of the SAML setup.
On the SSO tab, configure your SAML settings automatically with OneLogin’s One Click SAML setup.
In this last step, you tell OneLogin to exchange certificates with G Suite and configure SAML automatically for you.
Turn on the Enable automatic SAML configuration toggle to open the One Click dialog.
Follow the prompts to complete the SAML configuration.
If SAML configuration fails, the dialog lets you know; click Retry immediately. If retrying fails, make any modifications suggested by the error message, or check your settings on the Configuration, Access, and Parameters tabs, and try again.
When SAML configuration succeeds, the dialog tells you it's done and prompts you to verify the configuration.
Verify that the SAML configuration has succeeded and that the OneLogin user can log into G Suite using OneLogin.
If you are logged in as a user with a G Suite account, and you are already assigned to this app in OneLogin (as a member of a role that you added on the Access tab, for example), the dialog displays a Verify button on the Done page. Click Verify to launch G Suite in another browser tab. If it works, you're done.
If you have not already assigned yourself access to this app, the Done page displays a Next button. Click it to display a verification page:
Open a new browser window or tab. Assign this app to a OneLogin user with a G Suite account, if you haven't already. Log in to OneLogin as the user and try to launch G Suite from App Home. If the app launches successfully, return to the One Click dialog and click Yes. I'm Done.
OneLogin returns you to the SSO tab, where you can confirm that the Enable automatic SAML configuration toggle is turned on.
OneLogin and G Suite should now be connected through SAML. If you want to turn off OneLogin SSO for G Suite, simply click the toggle off.
This topic describes how to configure OneLogin to provide single sign-on (SSO) for your Salesforce users using SAML. We recommend that you first sign up for a Salesforce Developer Edition account to use when configuring SAML for Salesforce.
Important: We recommend that you set up SAML for Salesforce using the Developer Edition, because SSO can be set up there for free and in a non-production environment.
Type Salesforce in the Search box.
On the Find Applications page, select Salesforce: Form-based auth, SAML2.0, provisioning.
You can change the Display Name, then click Save.
The next steps require you to copy and paste values from OneLogin to Salesforce and vice versa.
You'll input the OneLogin Issuer URL, SAML 2.0 HTTP Endpoint, and X.509 Certificate in Salesforce to confirm the SAML SSO connection.
From the Salesforce admin dashboard, do the following:
In the Administer menu, go to Security Controls > Single Sign-On Settings.
Under Federated Single Sign-On Using SAML, select Edit, then the checkbox SAML Enabled, then Save.
Select New to create a Salesforce SSO profile.
On the SAML Single Sign-On Setting page, complete the form as follows:
API Name: OneLogin
Issuer: Issuer URL copied from your app's SSO tab in OneLogin
Entity ID: https://saml.salesforce.com
Identity Provider Certificate: Click Choose File and upload the X.509 PEM file you downloaded from your app's SSO tab in OneLogin
Request Signing Certificate: Default Certificate
Request Signature Method: RSA-SHA1
Assertion Decryption Certificate: Assertion not encrypted
SAML Identity Type: Username
SAML Identity Location: Subject
Identity Provider Login URL: SAML Endpoint URL copied from your app's SSO tab in OneLogin
Identity Provider Logout URL: -blank-
Custom Error URL: -blank-
Service Provider Initiated Request Binding: HTTP POST
Select the Configuration tab.
In the "Salesforce Login URL" field, enter your Salesforce login URL.
The URL will take the form of https://login.salesforce.com?so=. If you are unsure of your Salesforce Organization ID, go to Company Profile > Company Information within Salesforce to find it.
Select the SSO tab.
Copy the SAML2.0 Endpoint (HTTP) URL.
Copy the Issuer URL.
Select View Details on the X.509 Certificate.
Select X.509 PEM as the certificate type.
Click Download to download the X.509 PEM certificate file.
Troubleshooting an Email Mismatch
In some cases, the Salesforce account admin email may not match the OneLogin admin email. This can be remedied by doing the following:
In OneLogin, go to Users and select the account owner.
Select the Applications tab.
Select the Salesforce app to open the Edit Salesforce Login pane.
Here you can overwrite the default fields for your Salesforce login and insert the correct information to match your OneLogin credentials with your Salesforce credentials.
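The Salesforce form values and the email mismatch described above can be checked against a captured sign-in. This added example (not OneLogin or Salesforce code) compares a decoded SAML assertion with the Issuer, Entity ID and Salesforce username; `check_assertion`, the sample assertion and the `idp.example.com` issuer are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded assertion with placeholder issuer and user.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Issuer>https://idp.example.com/saml/metadata/000000</saml:Issuer>
  <saml:Subject>
    <saml:NameID>admin@corp.example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://saml.salesforce.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>
"""


def check_assertion(xml_text, issuer, entity_id, sf_username):
    """List mismatches between a decoded assertion and the Salesforce form
    values. Diagnostic only: the XML signature is not verified here."""
    # Refuse DTDs so a pasted capture cannot trigger entity expansion.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration found in SAML input")
    root = ET.fromstring(xml_text)
    # Accept a bare Assertion or a Response that wraps one.
    if root.tag == "{%s}Assertion" % NS["saml"]:
        assertion = root
    else:
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]

    problems = []
    got_issuer = assertion.findtext("saml:Issuer", "", NS).strip()
    if got_issuer != issuer:
        problems.append("Issuer is %r, Salesforce expects %r" % (got_issuer, issuer))
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append("Entity ID %r not in Audience %r" % (entity_id, audiences))
    # SAML Identity Location: Subject, SAML Identity Type: Username (exact match assumed).
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    if name_id != sf_username:
        problems.append("NameID is %r, Salesforce username is %r" % (name_id, sf_username))
    return problems
```

An empty list means the three values line up. A NameID entry corresponds to the email mismatch case, which is corrected in the Edit Salesforce Login pane.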