Authenticate access to applications with OneLogin
You can authenticate user access to applications with the OneLogin service.
Prerequisite:
Set up a [OneLogin account](https://www.onelogin.com).
- Log in to your OneLogin portal.
- Select Apps > Add Apps.
- In Find Applications, select SAML Test Connector (IDP w/ attr w/ sign response) to open it.
- On the application page, click SAVE.
  A new page appears.
- Select Configuration and configure the following:
Field | Value |
---|---|
Relay State | Leave it blank. |
Audience | https://YOUR-IDP-NAME.login.go.akamai-access.com/saml/sp/response |
Recipient | Leave it blank. |
ACS (Consumer) URL Validator | https://YOUR-IDP-NAME.login.go.akamai-access.com/saml/sp/response |
ACS (Consumer) URL | https://YOUR-IDP-NAME.login.go.akamai-access.com/saml/sp/response |
Single Logout URL | Leave it blank. |
YOUR-IDP-NAME is the name of your IdP. For example, if YOUR-IDP-NAME is oneloginidp, then the value for Audience, ACS (Consumer) URL Validator, and ACS (Consumer) URL is https://oneloginidp.login.go.akamai-access.com/saml/sp/response. The values for the Audience, URL Validator, and the URL fields must match the values of the OneLogin instructions specified in your EAA admin portal.
- Select Parameters > MemberOf from Value.
- Click SAVE.
- Select SAML Metadata from More Actions to download the metadata file.
  This file is for Enterprise Application Access configuration.
- Click SAVE and return to Enterprise Center.
- In the Enterprise Center navigation menu, select Application Access > Identity & Users > Directories.
- Click Add New Directory (+).
- Enter a name, description, and Service type, and click Add New Directory.
  The configuration page appears.
- Enter your company name in the URL field as it appears after the OneLogin host when you connect to OneLogin.
- In the Upload IDP Metadata File field, upload the OneLogin metadata file that was saved in previous steps.
At this point, your OneLogin directory is connected to the EAA Cloud. When you secure an additional application with the Enterprise Application Access service, select this new directory in Authentication when you configure your application.
If an application is already associated with your Microsoft Active Directory, click CHANGE SERVICE in Authentication to select your SAML provider as the authentication source.
Updated about 3 years ago