OneLogin SAML

This article will detail how you can use OneLogin SAML with your FTP Today account.

You will need two browser windows/tabs for these steps.

Create the Identity Service at FTP Today

Log into your FTP Today Site.  Navigate to Settings…Authentication…Identity Service. Click on Add Service.

image001.png

 

Enter a name for the New Service and select “OneLogin SAML” as the provider and Save.

image002.png

Download and save the two icons.

 

Create the Application at OneLogin

Log into your OneLogin site. Navigate to Applications and select Add App.

image003.png

In the Search field enter “SAML Test”, then select the “SAML Test Connector (Advanced)”.

image004.png

 

Enter a name for the application, upload the icons you previously downloaded and Save.

image005.png

On your FTP Today Site, you will find the values you need for this next step.

image006.png

 

On your OneLogin site, select Configuration. Copy the values from your FTP Today site to the corresponding fields at OneLogin.

image007.png

 

Scroll down, set the SAML signature element value to “Both” and Save.

image008.png

Configure the Identity Service at FTP Today

On your OneLogin site, click “SSO”. You will need values from this page to configure your FTP Today Site.

image009.png

Copy the Issuer URL and SAML 2.0 Endpoint to your FTP Today Site.

On your OneLogin site, click “View Details” for the X.509 Certificate.

image010.png

Copy the X.509 Certificate to your FTP Today Site and Save.

image011.png

               

 

Assign the user to the application at OneLogin

Identify and select the user to have access to your FTP Today site.

image012.png

Select Applications and click the “+” sign.

image013.png

 

Select your newly created app and Continue.

image014.png

 

Then Save.

image015.png

 

 

Add the user at FTP Today

In your FTP Today site, navigate to the Users area and select Add User.

image016.png

 

 

Enter the username as set up in the OneLogin service and select the OneLogin service you created.  Complete the rest of the fields as needed and Save.

image017.png

 


User access through FTP Today

Navigate to the site and enter the username and click Next.

image018.png

 

There will be a brief “Authenticating” message. 

image020.png

If the user does not have an open session with OneLogin, they will have to authenticate.

image019.png

The user will now be logged into your FTP Today Site.

User access at OneLogin

Access the OneLogin portal.  On the home screen, the user can click on the FTP Today application.

image021.png

 

Ending the session

When done, the user may log out of the FTP Today site or allow the session to expire.  This will not log the user out of OneLogin or any other services authenticated through OneLogin. 

The user may also log out of OneLogin, which will log the user out of your FTP Today Site. This will not close the browser window, but any action taken in the browser window will fail. After a short period, the browser window will reload to the login page.

The session timeout on the FTP Today Site may log the user out of the site even if they are still logged in at OneLogin.  In that case, after reentering their username they will be immediately authenticated to the site.

Encrypting the SAML response

This is an advanced setting required for FIPS compliance. At your FTP Today Site, navigate to the Identity Service, toggle the “Encrypt Assertion” to on and Save.

image022.png

You will now see an Encryption Certificate link near the page bottom. Copy the certificate to your clipboard.

image023.png

 

At your OneLogin site, navigate to the FTP Today application. Click on the “Configuration” tab.

Check “Encrypt assertion” and save.

image024.png

Once again, click on the “Configuration” tab and scroll to the bottom. Locate the SAML Encryption Public Key, paste the certificate, then Save.

image025.png

 

 

Automatic User Provisioning

In your FTP Today Site, navigate to the configuration page for the Identity Service. Enable the “Create User on First Login” option and Save.

image026.png

 

When the user logs into your FTP Today Site using the link from their “My Apps” page, the user will be automatically created.  The user will have access to the site, but no permissions to files.  You will need to give the user permission to the desired folders.

The user’s name and email can be populated with values provided from OneLogin.

In your OneLogin site, navigate to the application and select “Parameters” then select the “plus” sign.

image027.png

 

Three values must be set up. For each value, enter the Field Name, check Include in SAML assertion, Save, then select the corresponding OneLogin Value and Save again.

Field Name (case sensitive)    Value
FirstName                      First Name
LastName                       Last Name
Email                          Email

 

image028.png

image029.png

 

When completed, Save the Parameters settings.

image030.png
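
To confirm the settings above took effect, the following added example (not code from FTP Today or OneLogin) inspects a base64-decoded SAML response captured from a test login and reports whether both signature elements are present, whether the assertion is encrypted, and whether the three case-sensitive Field Names arrived as configured. It assumes “Both” means a signature on the Response and on the Assertion; the sample response is constructed, and check_response is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REQUIRED = ("FirstName", "LastName", "Email")  # Field Names from the table above

# Constructed sample: signatures are empty stand-ins, "lastname" has the wrong
# case and Email is missing, so the report below flags both problems.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature/>
  <saml:Assertion>
    <ds:Signature/>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"/>
      <saml:Attribute Name="lastname"/>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text):
    """Structural check only; it does NOT verify any signature cryptographically."""
    root = ET.fromstring(xml_text)
    report = {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        "assertion_signed": None,  # unknown when the assertion is encrypted
        "missing": [],
        "wrong_case": {},
    }
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return report  # encrypted (or absent): attributes cannot be inspected
    report["assertion_signed"] = assertion.find("ds:Signature", NS) is not None
    path = "saml:AttributeStatement/saml:Attribute"
    names = [a.get("Name", "") for a in assertion.iterfind(path, NS)]
    for want in REQUIRED:
        if want in names:
            continue
        near = [n for n in names if n.lower() == want.lower()]
        if near:
            report["wrong_case"][want] = near[0]  # sent, but case differs
        else:
            report["missing"].append(want)
    return report

if __name__ == "__main__":
    print(check_response(SAMPLE))
```

With “Encrypt Assertion” enabled, the report shows assertion_encrypted as True and leaves the attribute checks empty, because the attributes are only readable after decryption at the FTP Today side.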