# OneLogin

## Overview

[OneLogin](https://www.onelogin.com/) provides a cloud-based identity and access management (IAM) solution that offers simple single sign-on (SSO), making it easier for companies to secure and manage access to web applications.

## Setup Labii SSO with OneLogin

To use OneLogin as your SAML IdP to connect with Labii:

1. Register an account with OneLogin.
2. Create an App at **Apps -> SCIM Provisioner with SAML (SCIM v2 Core).**
3. On the **Info** page, set the **Display Name** as **Labii**.
4. On the **Configuration** page:
   1. Copy the **Acs url** from Labii to **SAML Audience URL**, **SAML Consumer URL**.
   2. Copy **SCIM Base UR**L from Labii to **SCIM Base URL**
   3. Copy **SCIM Bearer Token** from Labii to **SCIM Bearer Token**
   4. Enable the **API Status**
5. On the **Parameters** page, add the parameters of `email, first_name, last_name, username` as following parameters.\
   Please check **Include in SAML assertion**

   \
   `email -> Email`\
   `first_name -> First Name`\
   `last_name -> Last Name`\
   `username -> Email`
6. On the **SSO** page, do the following copy and paste:
   1. Issue URL -> Metadata auto conf url
   2. SAML 2.0 Endpoint (HTTP) -> Idp login url
   3. SLO Endpoint (HTTP) -> Idp logout url
7. On the **Provisioning** page, check **Enable provisioning**
8. Go to the **Users** tab, Click **Applications**, and assign the user to the newly created App.