Below is a step-by-step guide for setting up OneLogin as the SSO provider for Flow Enterprise Server.
Important: These instructions apply only to Flow Enterprise Server.
- Start by following the instructions to create an application connector using the OneLogin SAML test connector (external site, opens in a new tab).
- Select SAML Test Connector (IdP) w/NameID (Unspec) as your connector. Click Save.
- In the Info tab, make sure the Display Name and Tab are filled out with your organization’s name.
- Go to the Configuration tab.
- In a new tab, open Flow.
- In the top navigation, click Settings.
- In the left navigation, click SSO under User management.
- Click Add SAML integration.
- In the Configure SAML modal, fill in the Entity ID/Sign in URL field with the URL you will use to log in after you configure your integration. You can use your organization name or something else, but it must be unique.
- In the Full name field, add FirstName LastName. This field is case-sensitive and must match exactly as documented here.
- In the Email field, add Email. This field is case-sensitive and must match exactly as documented here.
- Copy the Entity ID/Sign in URL from the Configure SAML modal. Do not save yet. Go back to OneLogin.
- On the test connector Configuration page, paste the Sign in URL in the following fields:
  - RelayState
  - Audience
  - Recipient
  - ACS (Consumer) URL Validator
  - ACS (Consumer) URL
- Leave the Single Logout URL field blank.
- Click Save.
- Add four parameters in the Parameters tab. For each parameter, make sure to check Include in SAML assertion. These parameters are case-sensitive and must match exactly.
  - Field name: Roles
    - Value: User Roles
  - Field name: FirstName
    - Value: First Name
  - Field name: LastName
    - Value: Last Name
  - Field name: Email
    - Value: Email
- Once you’ve added these four parameters, you will have five total parameters. The NameID parameter is automatically created. Do not edit or change this parameter.
- Click Save.
- Create a new role called Owner. Assign users to this role as desired (external site, opens in new tab).
- Copy the SAML Metadata (external site, opens in new tab) from OneLogin. Go back to Flow.
- In Flow, paste the metadata in the Metadata box of the Configure SAML Integration modal.
- Enable optional settings if desired:
  - Manage Roles within Flow: If you want Flow to manage your roles, check this box.
  - Merge new users on Email: If you already have users in Flow with non-SSO logins, check this box. This option automatically deletes previous logins and forces all existing users to log in via your SSO platform.
- Click Save. Your OneLogin integration is now complete in Flow.
Once these steps are completed, users can use the Sign in URL set up above to log in to Flow.
Troubleshooting
If you are not able to log in to Flow using your SAML URL, review the following configurations:
- Make sure your SAML URL matches the URL in Flow.
- Review your parameters. Field names are case-sensitive and must be mapped to their respective values.
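Both troubleshooting checks can be run against a decoded SAML response from your OneLogin connector. The following Python check is an added example, not code from Flow or OneLogin; the function name, the sample response and the flow.example.test URL are constructed, and it assumes each parameter's Field name is emitted as the SAML Attribute Name.

```python
import xml.etree.ElementTree as ET  # stdlib; use only on responses from your own IdP

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Field names from the Parameters tab step (assumed to appear as Attribute Name).
REQUIRED_ATTRS = ("Roles", "FirstName", "LastName", "Email")

# Constructed sample: decoded, trimmed response with a placeholder URL and one miscased name.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Assertion>
  <saml:Subject><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="https://flow.example.test/sso/acme"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://flow.example.test/sso/acme</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
   <saml:Attribute Name="Roles"/><saml:Attribute Name="FirstName"/>
   <saml:Attribute Name="lastname"/><saml:Attribute Name="Email"/>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""

def check_response(xml_text, sign_in_url):
    """List mismatches with the guide's settings. Diagnostic only: no signature check."""
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience != sign_in_url:
        problems.append(f"Audience {audience!r} does not match the Sign in URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    if recipient != sign_in_url:
        problems.append(f"Recipient {recipient!r} does not match the Sign in URL")
    names = {a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)}
    for want in REQUIRED_ATTRS:
        if want in names:
            continue
        miscased = [n for n in names if n.lower() == want.lower()]
        if miscased:
            problems.append(f"attribute {miscased[0]!r} has wrong case, expected {want!r}")
        else:
            problems.append(f"attribute {want!r} is missing")
    return problems

if __name__ == "__main__":
    for line in check_response(SAMPLE, "https://flow.example.test/sso/acme"):
        print(line)
```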