Enable OneLogin single sign-on integration (SSO)
Everhour provide an easy-to-use integration with OneLogin to support SSO for you or everyone in your team.
- SSO using OneLogin is available on our Team Plan
- Team owner or admin will need to first enable SSO
- OneLogin Admin account
- 1
-
Choose Apps > Find apps, then fine SAML Custom Connector (Advanced). Next input Display Name e.g. "Everhour SAML Connector" and click Save button.
- 2
-
Navigate to Configuration tab and configure as follows:
- RelayState: leave empty
- Audience (EntityID): leave empty
- Recipient: leave empty
- ACS (Consumer) URL Validator:
.* - ACS (Consumer) URL: Copy and paste
Consumer URLfrom Everhour, i.e: https://api.everhour.com/saml/consume - Single Logout URL: leave empty
- Login URL: leave empty
- SAML not valid before:
3 - SAML not valid on or after:
3 - SAML initiator:
Service Provider
- SAML nameID format:
Email - SAML issuer type:
Specific - SAML signature element:
Responce - Encrypt assertion: do not check
- SAML encryption method:
TRIPLEDES-CBC - Send NameID Format in SLO Request: do not check
- Generate AttributeValue tag for empty values: do not check
- SAML sessionNotOnOrAfter:
1440 - Sign SLO Request: leave empty
- Sign SLO Response: leave empty
- 3
-
Navigate to Parameters tab and configure as follows:
- Credentials are: Configured by admin
- SAML Custom Connector (Advanced) Field:
- Name:
NameID value - Value:
Email
- Name:
- 4
-
Navigate to SSO tab.
- Copy the SAML 2.0 Endpoint (HTTP) and paste the Sign-in page URL into its corresponding field on Everhour (
ssoUrl). - Copy the X.509 Certificate by clicking on View Details link and paste the X.509 Certificate into its corresponding field on Everhour (
x509Certificate).
- Copy the SAML 2.0 Endpoint (HTTP) and paste the Sign-in page URL into its corresponding field on Everhour (
- 5
-
Navigate to Users tab and choose users which will be allowed to sign in via SSO and specify their NameID values (emails).
