This document describes how you can configure SAML Single Sign-On Authentication in Team Password Manager using OneLogin as the Identity Provider (IdP). Read the SAML Authentication document to learn how SAML Authentication works in Team Password Manager.
Follow these steps:
1. Log into your OneLogin portal.
2. Click on Administration, and then Applications.
3. Click on the "Add App", search for "SAML Test Connector (Advanced)" in the "Find Applications" screen and select this type of application:
4. Enter the app name (Eg. Team Password Manager) and logo. You can use the our logo located here if you want: https://teampasswordmanager.com/assets/img/public/teampasswordmanager.png. Then click "Save":
5. Enter the Identity Provider details in your installation of Team Password Manager:
5.1 Log into your installation of Team Password Manager and go to Settings (top menu), then "SAML Authentication". Enable SAML Authentication if it's not enabled. Then click on "Edit Identity Provider SAML Settings".
5.2 In OneLogin, in your application summary page, select "SSO".
5.3 Copy the "Issuer URL" value in the OneLogin IdP details and paste it in the "Entity Id" field in Team Password Manager.
5.4 Copy the "SAML 2.0 Endpoint (HTTP)" value in the OneLogin IdP details and paste it in the "Single Sign On URL" field in Team Password Manager.
5.5 Copy the "SLO Endpoint (HTTP)" value in the OneLogin IdP details and paste it in the "Single Logout Service URL" field in Team Password Manager. Note: using this field will make the user log out of all the service providers authenticated using OneLogin when the user logs out of Team Password Manager. If you don't want this to happen (so, only log out of Team Password Manager), leave this field empty.
5.6 Click on "View Details" on the "X.509 Certificate", copy the "X.509 Certificate" value in the certificate screen details and paste it in the "Certificate" field in Team Password Manager.
5.6 Click on "Save" in Team Password Manager and return to your application summary screen in OneLogin.
6. Copy the Service Provider (Team Password Manager) details to OneLogin:
6.1 In OneLogin, in your application summary page, select "Configuration".
6.2 Copy the "Entity Id" value in the "Service Provider Settings" in Team Password Manager to the "Audience (EntityID)" field in OneLogin.
6.3 Enter the following value in the "ACS (Consumer) URL Validator" field in OneLogin: .*
6.4 Copy the "Assertion Consumer Service URL" value in the "Service Provider Settings" in Team Password Manager to the "ACS (Consumer) URL" field in OneLogin.
6.5 Copy the "Single Logout Service URL" value in the "Service Provider Settings" in Team Password Manager to the "Single Logout URL" field in OneLogin.
6.6 Click "Save" in OneLogin.
7. Assign the application to users. To do it go to "Users", select a user, go to "Applications" in the user summary page and click on "+" in the Applications list. Select your application, continue, and in the next screen make sure the email of the user is in the "NameID value" field:
SAML authentication for OneLogin is now configured. To test, do this:
- Make sure you have an Admin/IT normal user in Team Password Manager. If anything goes wrong you'll be able to log in normally.
- Create a SAML user in Team Password Manager, using an email address that matches an email address of a user in your OneLogin account.
- Log out of Team Password Manager and OneLogin.
- Click on "Sign In via SAML" in Team Password Manager. You'll be taken to OneLogin login screen and you'll need to authenticate using the email address of the user just created in Team Password Manager.
- If all goes well, you'll automatically log into Team Password Manager.
Document changelog
| May 11, 2021: | Document created |
