Important: These instructions apply only to Flow on-premises.
Below is a step-by-step guide for connecting your OneLogin account to Flow with SSO. Here is a list of all other SSO hosts we support.
Configuring Your OneLogin SSO Integration
Step 1: Start at your OneLogin home page and navigate to Apps and select Add Apps.
Step 2: In the find applications bar, type 'SAML' and click search.
Step 3: In this list select SAML Test Connector (IdP) w/NameID (Unspec).
Step 4: On this page click Save.
Step 5: You will get this confirmation and these additional fields will be added.
Step 6: In the Info tab make sure you have Display Name and Tab filled out with the name of the company that will be associated with the Flow app.
Step 7: Leave this tab open and in a new browser go to your Flow homepage, navigate to Settings > SSO.
Step 8: Select New SAML Integration.
Step 9: In the Configure SAML integration modal, fill out these two fields:
The Login URL link: in the empty box add the name of your company or organization
Fill out FirstName, LastName and Email as seen below.
You will need to leave this modal up and do not hit save yet. You will be gathering metadata from OneLogin after a few more steps.
Step 10: Next, copy the Login URL from the Flow modal in the previous step.
Leave this Flow browser open and navigate back to where you left off in OneLogin, go to the Configuration tab, paste your URL link into these five fields
Step 11: Click Save.
Step 12: Once clicking Save you will see this message.
Step 13: Go to the Parameters tab, select Add parameter.
Step 14: In this section you will add four separate parameters. For each parameter make sure to check Include in SAML assertion.
The four parameters to add
(Field Name)Roles - (Value)User Roles
(Field Name)FirstName - (Value)First Name
(Field Name)LastName - (Value)Last Name
(Field Name)Email - (Value)Email
After entering the Field Name and checking the Include in SAML assertion, you will be prompted to assign the respective Value from a drop down menu. The Value should match the Field Name.
Step 15: Once you have added all four parameters, the end result will look like this:
The NameID Field is automatically created. You do not need to do anything with this parameter.
For additional instruction, below is a video of adding parameters
Step 16: Click Save after you have added all of your parameters.
Step 17: Under Users click Roles.
Step 18: Select New Role.
Step 19: In this section you will need to:
Select your app, a little check mark will appear indicating you have successfully selected it.
Type Owner in the box.
Click the check box next to Owner to save.
Step 20: Select the Role you just created, which is Owner.
Step 21: Select Users from the top navigation.
Step 22: Search for the user you want to add the role of Owners.
Step 23: Select Add to Role to add to the Role of Owner.
Step 24: Click Save.
Step 25: Go back to the top menu and select APPS.
Step 26: Select the Flow App you just created.
Step 27: Within the app go to the drop down menu More Actions then select SAML Metadata.
Step 28: Open your metadata file and copy the information to your clipboard.
Step 29: Go back to your Flow to the Configure SAML integration and paste the metadata in the Metadata box and then click Save.
Manage Roles within Flow: If you want Flow to manage your roles make sure to check to check this box.
Merge New Users on Email: Check this box if you already have Users invited into your Flow account using non-SSO logins. This will automatically delete the previous logins and force all existing Users to login via your SSO platform.
Step 30: You have successfully connected Flow with your OneLogin account. Your users will now be able to use the login URL, i.e. https://YOUR_DOMAIN/accounts/saml/mycompany to login to GitPrime.
Something went wrong
If you were not able to login to your Flow account using your SAML URL, and you receive an error like the one below, make sure to review the following configuration steps:
Does your sign on URL match the URL in Flow? (Step 10)
Review your Parameters. These Field Names are case sensitive and need to be mapped to their respective values. (Steps 14-15)
If you need help, please email email@example.com for 24/7 assistance.