Enabling SAML/SSO for Roadmunk with OneLogin
Available on the following plans:
Professional
Enterprise
Terms to Know
Identity Provider - The tool that your team uses to provide Single Sign-On functionality. For this article, we'll be exploring a setup process for OneLogin.
Metadata - Typically an XML file which tells the tools involved with handling your login process how to complete and validate the requests.
Enforced SAML/SSO - A setting which specifies SAML/SSO as the primary login method for all users on your team and default login method for all new users.
As an Account Admin on a Professional or Enterprise plan, you have the option to set up a single sign-on authentication method for your team. In the following article, we will explore how you can quickly and smoothly set up OneLogin as your team's SAML/SSO authentication method.
Setting Up Single Sign-On with OneLogin
Step 1 - Getting Started in OneLogin
From your OneLogin Administration page, click into the Applications menu.
In the page that appears, select the blue Add App button in the top-right of your Applications list.
In the Find Applications repository, type "SAML Custom Connector" into the search bar at the top of the page.
Select the option that appears, which should be labelled SAML Custom Connector, with SAML2.0 shown in the right-hand column.
In the Add SAML Custom Connector page, change the application name to "Roadmunk" and click the blue Save button in the top-right corner of the screen.
Step 2 - Generating the SP Metadata File
After the new app has saved on OneLogin, you'll be taken into the app details menu.
Click into More Actions in the top-right corner of the screen and select the SAML Metadata option in the menu that appears. When prompted, save the onelogin_metadata.xml file to your device.
In another tab, navigate to Roadmunk and click on your avatar in the bottom left corner and navigate to Account Settings.
In the Account Settings menu, click into the Company tab.
Locate the SAML/Single Sign-On (SSO) option at the bottom of the tab and click to toggle it on.
In the menu options that appear, select Upload your IDP XML File and upload the onelogin_metadata.xml file that we saved in Step 2.
Once that file is uploaded successfully, the button labelled Download Roadmunk Metadata will become active. Click this button to download the roadmunk_sp_metadata.xml file to your device.
Navigate back into the other tab to view the app details menu on OneLogin.
In the menu on the left-hand side, select Configuration to access your custom Roadmunk app's SAML configuration settings.
To fill out this section, we will need to pull values from the roadmunk_sp_metadata.xml file that we downloaded in Step 2. For easier readability, open a new tab in your browser and drag the XML file into it to view the file contents.
For the configuration values below, search and locate the following values in your metadata file and paste them into their respective fields:
Recipient - Paste the URL found in the Location="URL" value from your metadata file
Audience (EntityID) - Paste the URL found in the entityID="URL" value from your metadata file
ACS (Consumer) URL Validator - Copying the value found in the Recipient field, follow these instructions from OneLogin to format the URL as a secure validator if necessary. Otherwise, place an asterisk (*) in this field
ACS (Consumer) URL - Paste the URL found in the Location="URL" value from your metadata file
Login URL - Enter "https://login.roadmunk.com"
SAML Initiator - Choose the Service Provider option from the drop-down menu
Once the appropriate values have been applied above, click the Save button in the top-right corner to commit these changes.
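The field mapping above can be scripted instead of copied by hand. The following is an added example, not Roadmunk or OneLogin code: it reads the entityID and the AssertionConsumerService Location from SP metadata and builds an anchored, escaped validator for that single URL rather than the catch-all asterisk. The sample metadata and its example.test URLs are constructed, and it assumes the validator field takes a regular expression and that the Location to use is the one on the AssertionConsumerService element.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample standing in for roadmunk_sp_metadata.xml; not real Roadmunk values.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def onelogin_fields(metadata_xml):
    """Map SP metadata attributes onto the OneLogin Configuration fields."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    entity_id = root.get("entityID")
    # Only the ACS element counts; other elements may also carry a Location.
    acs = [e.get("Location")
           for e in root.iter(f"{{{MD_NS}}}AssertionConsumerService")]
    if not entity_id or not acs or not acs[0]:
        raise ValueError("entityID or ACS Location missing")
    if not acs[0].startswith("https://"):
        raise ValueError("ACS URL must use https")
    return {
        "Recipient": acs[0],
        "Audience (EntityID)": entity_id,
        # Assumption: the validator is a regex. Anchoring and escaping make it
        # accept exactly one URL, so assertions cannot be sent anywhere else.
        "ACS (Consumer) URL Validator": "^" + re.escape(acs[0]) + "$",
        "ACS (Consumer) URL": acs[0],
    }


def validator_accepts(validator, url):
    """True when the validator pattern matches the whole ACS URL."""
    return re.fullmatch(validator, url) is not None


if __name__ == "__main__":
    for field, value in onelogin_fields(SAMPLE_SP_METADATA).items():
        print(f"{field}: {value}")
```

To use it with your own file, pass the contents of roadmunk_sp_metadata.xml to onelogin_fields() in place of the constructed sample.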
Step 3 - Finalizing the Roadmunk Setup
Navigating back to Roadmunk, head into the Account Settings menu once more.
Click into the Security tab to access your active login methods.
Clicking into the blue + Login Method button in the top-right corner of your Authentication Methods list, we can now see and select the new SSO option that appears at the bottom of the menu.
Clicking into this will open a OneLogin sign-on screen where you can attach your login to Roadmunk. If you're already logged into OneLogin when attempting this attachment, it should complete automatically.
If the Authentication Methods list doesn't refresh automatically, you can close out of the Account Settings and reopen them from your avatar in the bottom-left corner of your app.
Enabling Multi-Factor Authentication with OneLogin Single Sign-On
OneLogin supports a number of additional authentication layers which can help to provide an extra level of security for you and your team. A great guide on setting up multi-factor authentication for your team in OneLogin can be found on their Knowledge Base.