Integrate OneLogin with Zero Trust Network Access

In this topic, you will find general instructions on how to integrate OneLogin with Portnox™ Zero Trust Network Access.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with OneLogin.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Zero Trust Resources option.

  3. On the Resources screen, click on the Create resource button.

    1. In the What type of resource is this? section, select the SSO web resource option.
    2. In the Authentication protocol section, select the SAML option.
    3. Click on the Next button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this resource section.
  5. In the Resource details section, enter a Resource name and optionally a Description.

    In this example, we used the name OneLogin for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your OneLogin trusted IdPs settings

In this section, you will access your OneLogin dashboard and find the settings for trusted identity providers (IdPs).

  1. In another tab of your browser, open your OneLogin Trusted IdPs page by accessing the following URL: https://your_tenant.onelogin.com/trusted_idps/, where your_tenant is your tenant name.

    From now on, we will call this tab the OneLogin tab.

  2. Click on the New Trust button in the top-right corner.

  3. In the Trusted IdPs field in the top-left corner, enter a name for this identity provider, and then click on the  ✓  icon.

    In this example, we used the name Portnox Conditional Access but you can use any name you like.

Copy configuration values from the Portnox tab to the OneLogin tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the OneLogin trusted IdP configuration section.

  1. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Identity Provider Entity ID / Audience URI field to copy the value.

  2. In the OneLogin tab, in the Configurations section, click on the empty field under the Issuer label and paste the value copied from Portnox Cloud.

  3. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Sign-In URL / SSO URL field to copy the value.

  4. In the OneLogin tab, in the SAML Configurations section, click on the empty field under the IdP Login URL label and paste the value copied from Portnox Cloud.

  5. In the Portnox tab, in the Certificates > Signing certificates section, click on the  ⋮  icon next to the Active certificate and select the Copy certificate option to copy the certificate.

  6. In the OneLogin tab, in the Trusted IdP Certificate section, click on the empty field under the X.509 Certificate label and paste the value copied from Portnox Cloud.

Copy configuration values from the OneLogin tab to the Portnox tab

In this section, you will copy the values displayed in the OneLogin trusted IdP setup section, and paste them in the relevant fields in Portnox Cloud.

  1. In the OneLogin tab, in the SAML Configurations section, select the value displayed under the SP Entity ID label, and use your operating system’s copy shortcut to copy the value to the clipboard.

  2. In the Portnox tab, in the Resource properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and paste the value copied from OneLogin.

  3. In the Portnox tab, in the Resource properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and paste the following value: https://your_tenant.onelogin.com/access/idp, where your_tenant is your OneLogin tenant name.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and OneLogin.

  1. Finalize the configuration in the Portnox tab.
    1. Optional: In the Policy enforcement section, in the Device risk assessment section, change the setting to Override with custom policy and then select a risk assessment policy if you want to assess risk with this application using a custom risk assessment policy, and in the Access control section, change the setting to Override with custom policy and then select an access control policy if you want to control access to this application using a custom access control policy.
    2. Scroll all the way down to the end of the page, and then click on the Save and Close button.

  2. Finalize the configuration in the OneLogin tab.
    1. In the Enable/Disable section, activate the Enable Trusted IdP checkbox.

    2. In the Configurations section, activate the Sign users into OneLogin checkbox.

    3. In the Login Options section, activate the Show in Login panel checkbox, and in the Login icon field, enter a public URL of an image file that will be displayed on the login screen to represent Zero Trust Network Access (for example, your company logo).

    4. Click on the Save button in the top-right corner.

    5. In the list of trusted IdPs, click on the IdP that you just saved to edit it.

    6. In the top-right corner, click on the More Actions button, and select the Set as default Trusted IdP option from the drop-down menu.
      Note: We recommend setting this option after you tested the OneLogin configuration. If you turn on this option, all users will be forced to log in using Zero Trust Network Access, which means that if you made a mistake during configuration, all users including yourself may be locked out of OneLogin.

Result: You have configured OneLogin to be accessible using Portnox Zero Trust Network Access.