SSO - OneLogin SAML
Security / SSO - OneLogin SAML

The following recommended configuration settings should be utilized when configuring StatusDashboard to authenticate against OneLogin.

OneLogin Settings

Pre-configured StatusDashboard applications exist in the OneLogin application directory which make it easy to configure your environment.  To add StatusDashboard to your OneLogin configuration, search the OneLogin application directory for "StatusDashboard" which should produce two results:

StatusDashboard - Administrator

The Administrator app is for access to the StatusDashboard administration console.  When adding the Administrator app, the only required configuration parameter is the StatusDashboard Customer ID.  You can locate the customer ID by logging into the StatusDashboard administration console and browsing to Security > Single Sign-On > Options > SAML SSO (Admin).  Look for the Entity ID / Issuer field under Service Provider.  The Entity ID / Issuer will appear as a URL: www.statusdashboard.com/xxx/ where xxx is the customer ID that you should enter into the OneLogin app configuration.

StatusDashboard - Dashboard

The Dashboard app is for access to your status dashboard.  When adding the Dashboard app, the only required configuration parameter is the StatusDashboard Domain.  This domain is the URL that hosts your status dashboard - either a subdomain of .statusdashboard.com, or a custom domain alias.

StatusDashboard Settings - Service Provider

In order to configure the StatusDashboard Service Provider settings, login to StatusDashboard and browse to Security > Single Sign-On > Options > SAML SSO (Admin|Dashboard).  Configuration settings for both the Dashboard and Admin SAML setup are listed below.

Configuration Setting

Dashboard

Admin

Notes

x509 Certificate

Select StatusDashboard or Comodo

Select StatusDashboard or Comodo

If your IdP implementation requires a trusted certificate, then choose the Comodo signed certificate (assuming your IdP trusts the Comodo CA certificate). If your IdP does not require a trusted certificate, then choose the StatusDashboard self signed certificate. The StatusDashboard self signed certificate is the preferred option because it has a long expiration time and will not be refreshed whereas the Comodo certificate could be refreshed periodically (requiring you to update your IdP configuration).

Sign AuthN Request

Enabled

Enabled

Sign Logout Request

Enabled

Enabled

Sign Logout Response

Enabled

Enabled

Sign Metadata

Enabled

Enabled


This option can be set either way and is not dependent on the OneLogin configuration.

Signature Algorithm

rsa-sha1

rsa-sha1

Can be set to any signature algorithm.

Digest Algorithm

sha1

sha1

Can be set to any digest algorithm.

Encrypt Name ID

Disabled

Disabled


Include Authentication Context

Enabled

Enabled


StatusDashboard Settings - Identity Provider

In order to configure the StatusDashboard Identity Provider settings, login to StatusDashboard and browse to Security > Single Sign-On > Options > SAML SSO (Admin|Dashboard).  Configuration settings for both the Dashboard and Admin SAML setup are listed below.

Configuration Setting

Dashboard

Admin

Notes

Entity ID / Issuer

Insert the OneLogin Issuer URL.

Insert the OneLogin Issuer URL.


Single Sign-On (SSO) Service URL

Insert the OneLogin SAML 2.0 Endpoint (HTTP).

Insert the OneLogin SAML 2.0 Endpoint (HTTP).


Single Logout Service (SLO) URL

Insert the OneLogin SLO Endpoint (HTTP) and enable the toggle button.

Insert the OneLogin SLO Endpoint (HTTP) and enable the toggle button.


IdP Logout URL

Not required.

Logout Redirect URL


Not required.

x509 Certificate

[x509 cert in PEM format]

[x509 cert in PEM format]

Enter the OneLogin x.509 Certificate.

Require Message Signature

Disabled

Disabled

Require Assertion Signature

Disabled

Disabled

Require NameID Encryption

Disabled

Disabled


Additional Resources

If you are having trouble getting your OneLogin environment working with StatusDashboard, please review our example OneLogin login session to view the SAML login flow, bindings and parameters. 

Still have questions?  Contact our support team.  We're always happy to help with any questions you might have.