Skip to main content

Setting up SAML integration with OneLogin

This article explains how to set up the SAML integration with OneLogin. Follow the step-by-step tutorial.

Agata Skowrońska avatar
Written by Agata Skowrońska
Updated over 9 months ago

1. In OneLogin app, go to the Administration section → Applications → Add App:

2. In the Search tab, type and choose SAML Custom Connector (Advanced):

3. In Display Name field, put Calamari. In addition, you can upload the Calamari logo here to make it easier for you to recognize the Calamari App. Then, click the Save button:

4. Open the Configuration section from the left bar.

5. To complete this part, copy some information from your Calamari app.

  • Copy the Assertion Consumer Service (ACS) URL field from Calamari and paste it into OneLogin under the ACS (Consumer) URL field.

  • Copy the Entity ID / Audience URI field from Calamari and paste it into OneLogin under the Audience (EntityID) field.

We need to enter 2 more fields in OneLogin: ACS (Consumer) URL Validator and Login URL:

  • ACS (Consumer) URL Validator is a regex version of the ACS (Consumer) URL.

    This is how the ACS URL Validator should look like depending on Client's location:

    • Europe: ^https:\/\/gateway.prod.eu-west-1.calamari.io\/saml2\/acs\/\$

    • USA: ^https:\/\/gateway.prod.us-east-1.calamari.io\/saml2\/acs\/\$

    • Asia: ^https:\/\/gateway.prod.ap-southeast-1.calamari.io\/saml2\/acs\/\$

  • The Login URL field can be copied from here:

    https://gateway.calamari.io/saml2/authenticate/example
    Where example represents your Calamari domain name. Don’t forget to update this link with your Calamari domain name.

This is an example of how it should look like:

6. Scroll down the Configuration page to the SAML Initiator, change the value to Service Provider, and then save the changes in the top-right corner:

7. Ensure users/roles in OneLogin can access the Calamari app you created. To check it, navigate the Users tab in OneLogin:

8. The last thing that needs to be set up in OneLogin is SSO. Navigate the Applications tab again → enter the Calamari App → SSO tab.

The following information needs to be entered into Calamari:

Some field names are different in different systems, so to make things easier for you, we've compiled a list of things from OneLogin that have an equivalent in Calamari:

X.509 Certificate from OneLogin = Public Certificate in Calamari

Issuer URL from OneLogin = Issuer Entity ID in Calamari

SAML 2.0 Endpoint (HTTP) from OneLogin = SAML SSO URL in Calamari

For the X.509 Certificate, click the View Details button → copy the entire body from the X.509 Certificate field → paste it into the Calamari App under the Public Certificate field.

As a result, the SAML configuration in Calamari should look similar to the example below:

9. We’re all set! Now, you may want to set up additional features:

  • Force authentication
    This feature forces re-entering the login details by users every time they sign in to Calamari.

  • Customisation
    You can set up your custom button name (max 32 characters):

The custom button will be displayed on a login page:

Did this answer your question?