How to set up Single Sign-On with OneLogin
Step-by-step guide on how to set up Single sign-on integration with OneLogin
- Single Sign-On
- Single Sign-On in Targetprocess
- How to set up Single Sign-On with Google G Suite (formerly Apps for Business )
- How to set up Single Sign-On in Targetprocess with Okta
- How to set up Single Sign-On for Targetprocess with ADFS 2.0
- How to set up Single Sign-On to Targetprocess with other SAML 2.0 Identity providers
Targetprocess supports most of the SAML 2.0 compatible providers including Okta, OneLogin, Bitium and ADFS 2.0.
Integrating with OneLogin involves the following four steps:
- Adding Targetprocess as an application in OneLogin
- Configuring OneLogin details in Targetprocess
- Assigning Targetprocess Application to Users in OneLogin
- Testing SSO in Targetprocess
Detailed steps are provided below.
1. Adding Targetprocess as an application in OneLogin
Log in to your OneLogin Admin account, select 'Apps' and then choose ‘Add apps’ in dropdown menu. Use "OneLogin SAML Test (SP)" application
- Set application name, e.g. “Targetprocess” and click “Save” to proceed to profile settings
Now you need to log in as administrator to your Targetprocess account and get out your “Single sign on URL” for OneLogin. In Targetprocess its called “Assertion Consumer URL” and can be found at Settings > Authentication and Security > Single Sign-On.
Copy the URL. e.g. “https://your_account.tpondemand.com/api/sso/saml2” and paste into ““ Login URL” in OneLogin.
- Paste same value into “SAML Consumer URL”
Select “Email” on “Parameters” tab as shown below.
Now select “SSO” tab in OneLogin.
2. Configuring OneLogin details in Targetprocess
On the ‘SSO’ tab of your application in OneLogin copy "SAML 2.0 Endpoint (HTTP)" and paste it into “Sign-on URL” field in Targetprocess SSO settings.
- Click on 'View details' under X.509 certificate, copy certificate and paste in Targetprocess into “Certificate” field
Note: You need to create certificates in OneLogin before using them, please find additional details in OneLogin "Multiple SAML certificates" guide
Next you can enable JIT PRovisioning, disable native Targetprocess login form and some users to SSO exceptions list if needed. More information about these settings can be found in “Single Sign-On in Targetprocess” guide.
Targetprocess settings overview:
3. Assigning Targetprocess Application to Users in OneLogin
After completing the configurations in Targetprocess you need to ensure that users are assigned to Targetprocess application. OneLogin provide various ways to assign users, for testing purposes we can assign a single user under "USers" > "All Users" > [click on user name] > "Applications tab". Click on '+' sign to assign your testing user to Targetprocess application.
Additional information about assigning users to applications in OneLogin can be found in "Assigning Apps to Users"
4. Testing SSO in Targetprocess
- Logout from Targetprocess (click on avatar picture and choose “Logout”)
- Open your Targetprocess URL in browser - https://YOUR_ACCOUNT.tpondemand.com/. Now two scenarios are possible:
- if you have disabled Targetprocess login form - browser will redirect you to OneLogin login page and then to Targetprocess UI
- if you have mixed mode enabled - you’ll have to to click “Log in using Single sign-on” on Targetprocess login page.
There are following common problems with SSO:
Error 404 Not found - this means incorrect URL either in Targetprocess SSO settings or in OneLogin application settings. Please double-check your settings in OneLogin and Targetprocess to make sure URLs are valid
- You’re getting “Sorry, you can't access Targetprocess because you are not assigned this app in OneLogin” error. To resolve this problem make sure that your user is assigned to Targetprocess application on step 3 and you’re using correct account to login to Targetprocess.
Other problems are less common and we'd recommend you to check your OneLogin events log to find out more details or look into Targetprocess System log
Still have a question?
We're here to help! Just contact our friendly support team