SafeTitan supports the OIDC federation protocol for SSO integration with OneLogin. The configuration for this integration is described below and is broken into 2 steps:

  1. Register Application in your OneLogin administration portal.
  2. Update Authentication Settings in your SafeTitan portal.

Register Application in OneLogin Admin Portal

The first step is to register the SafeTitan application within your OneLogin portal. This will generate an application ID and allow your application to receive security tokens.

When the SafeTitan application presents the generated application ID during the authentication flow, OneLogin establishes trust by issuing the authenticated security token to SafeTitan so that login can proceed.

The steps involved in registering the application are listed below:

  • Sign in to your OneLogin admin portal and select Apps.
  • Select Add App to add your new app registration.

  • In the next screen, search for OIDC or OpenID Connect and then select OpenID Connect (OIDC) app.

  • Give the app registration a name like CRA APP.
  • In the next screen (Configuration), add the following Redirect URLs and click Save:
    • https://{your-company-name}
    • https://{your-company-name}

  • Open the SSO tab and copy or make a note of the Client ID and Client Secret. They will be needed for configuration on the SafeTitan portal.
  • Click Save

Configuration on SafeTitan

The last step is to add the minimal configuration needed to your SafeTitan portal.  

  • Log in to your SafeTitan portal as an administrative user.
  • From the menu on the left, select Settings and then Authentication Settings:

  • From the Authentication Type drop-down, select OpenID.
  • For IDP, select other.

  • For each of the fields, provide the values:
    • Post logout redirect URI: https://{your domain name}
    • Redirect URI: https://{your domain name}
    • Authority: Your Issuer URI from the OneLogin admin portal.
    • Client Id: The Client ID provided by the OneLogin application registration. See above.
    • Client Secret: The Client Secret provided by the OneLogin application registration. See above.
    • Domain Hint:
    • Username Claim: This will default to preferred_username if left blank, but it can be updated to a claim of your choosing. An example of the UPN claim would be:
  • Click Save

This concludes the setup. Please note that it may take one day for the changes to take effect,
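
A pre-flight check for the values entered above, as an added example (not SafeTitan or OneLogin code): it compares the Authority with the issuer in the IdP's OIDC discovery document, checks that the Redirect URI exactly matches one registered in OneLogin, and confirms the Username Claim is advertised. The host names and the discovery document are constructed samples, and `check_settings` is a hypothetical helper; the real document is served at `<Authority>/.well-known/openid-configuration`.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OIDC discovery document; not real OneLogin output.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://example-tenant.idp.example/oidc/2",
  "authorization_endpoint": "https://example-tenant.idp.example/oidc/2/auth",
  "token_endpoint": "https://example-tenant.idp.example/oidc/2/token",
  "jwks_uri": "https://example-tenant.idp.example/oidc/2/certs",
  "claims_supported": ["sub", "email", "preferred_username", "name"]
}""")


def check_settings(authority, redirect_uri, registered_redirects,
                   username_claim, discovery):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    claim = username_claim or "preferred_username"  # default stated on the page
    # OIDC Discovery: the issuer in the document must equal the configured
    # Authority exactly (no trailing-slash or case normalization).
    if discovery.get("issuer") != authority:
        problems.append(
            f"issuer mismatch: {discovery.get('issuer')!r} != {authority!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key) or "").scheme != "https":
            problems.append(f"{key} missing or not https")
    # The IdP compares redirect_uri to the registered values as plain strings,
    # so the SafeTitan value must be identical to one registered in OneLogin.
    if redirect_uri not in registered_redirects:
        problems.append(f"redirect URI not registered at the IdP: {redirect_uri}")
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.fragment:
        problems.append(f"redirect URI not https or has a fragment: {redirect_uri}")
    # claims_supported is optional in discovery; only check when advertised.
    supported = discovery.get("claims_supported")
    if supported is not None and claim not in supported:
        problems.append(f"username claim {claim!r} not advertised by the IdP")
    return problems


if __name__ == "__main__":
    # Constructed values standing in for the fields on both portals.
    issues = check_settings("https://example-tenant.idp.example/oidc/2/",
                            "https://portal.example.com",
                            ["https://portal.example.com"], "", SAMPLE_DISCOVERY)
    for issue in issues:
        print("PROBLEM:", issue)
```
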