Dashboard SSO (OneLogin)

HUMAN uses standard authentication to grant all Dashboard users a simple, secure login experience. However, if your organization uses single sign-on (SSO) to manage internal user accounts across multiple tools, you can configure your SSO platform to access the HUMAN Dashboard. This allows your users to log in to the HUMAN Dashboard through their SSO account and gives your organization greater control over user access and permissions. 

The HUMAN Dashboard offers integrations with the following SSO platforms:

Requirements

Before you begin, you must notify HUMAN that you’d like to enable OneLogin SSO access for your organization. A HUMAN representative will provide you with a set of unique identity credentials that you must provide when you configure your OneLogin instance.

You will also need a OneLogin account with Super User permissions. 

Configure OneLogin

After you’ve obtained the required credentials from HUMAN, you can integrate your OneLogin instance with the HUMAN Dashboard. To configure OneLogin, complete the following steps:

1. Sign in to your OneLogin portal, then navigate to Administration > Applications.

2. Select Add App.

3. From the Find Applications menu, search for “SAML”, then choose SAML Custom Connector (SAML2.0).

4. From the Info tab of the SAML Custom Connector menu, enter “HUMAN Security Dashboard” in the Display Name field. You can also upload an icon for your connector, but an icon is not required.

5. Select Save.

6. From the Configurations tab, set the Audience, Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL fields to the values that HUMAN provided you with.

7. From the same tab, verify that each field is set to the following values:

  • SAML not valid before = 3
  • SAML not valid on or after = 3
  • SAML initiator = OneLogin
  • SAML nameID format = Email 
  • SAML issuer type = Generic
  • SAML signature element = Both
  • Encrypt assertion = No (box unchecked)
  • SAML encryption method = AES-128-CBC
  • Send NameID Format in SLO Request = No (box unchecked)
  • Generate AttributeValue tag for empty values = No (box unchecked)
  • SAML sessionNotOnOrAfter = 1440
  • Sign SLO Request = No (box unchecked) 
  • Sign SLO Response = No (box unchecked) 

8. From the Parameters tab, set the Credentials are option to Configured by admin.

9. In the same tab, create three custom parameters called email, firstName, and lastName. As you create each parameter, ensure that the Include in SAML assertion checkbox is selected. Then verify that each parameter is set to the following values:

  • NameID value = Email
  • email = Email
  • firstName = First Name
  • lastName = Last Name

10. From the SSO tab, select SHA-256 from the SAML Signature Algorithm drop-down menu.

11. Select Save to finalize your choices.

12. After you’ve created your connector, navigate back to the SSO tab. The Issuer URL and SAML 2.0 Endpoint (HTTP) fields will each contain a URL value. You must send these two URLs to a HUMAN representative so we can finalize your OneLogin integration.

You will now be able to manage your organization's SSO access to the HUMAN Dashboard.
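
Once the connector is live, a decoded SAML response from a test login can be checked against the settings in steps 6 to 10. The script below is an added example, not HUMAN or OneLogin code: it inspects structure only and does not verify signatures, and the audience, recipient, and sample response in it are constructed placeholders standing in for the values HUMAN provides.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = {"email", "firstName", "lastName"}  # custom parameters from step 9

def check_response(xml_text, audience, recipient):
    """List mismatches between a decoded SAML response and steps 6-10 (structure only)."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion (is Encrypt assertion checked?)"]
    problems = []
    # "SAML signature element = Both": Response and Assertion each carry a signature.
    for name, node in (("Response", root), ("Assertion", assertion)):
        method = node.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            problems.append(f"{name} is not signed")
        # Assumption: a SHA-256 signature method URI ends in "sha256" (e.g. rsa-sha256).
        elif not method.get("Algorithm", "").endswith("sha256"):
            problems.append(f"{name} signature is not SHA-256")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not Email")
    data = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != recipient:
        problems.append("Recipient mismatch")
    aud = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or (aud.text or "").strip() != audience:
        problems.append("Audience mismatch")
    present = {a.get("Name") for a in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    problems += [f"attribute {n} missing" for n in sorted(REQUIRED_ATTRS - present)]
    return problems

def build_sample(sign_assertion=True, attrs=("email", "firstName", "lastName")):
    """Constructed response with placeholder signatures; not cryptographically valid."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:SignatureMethod '
           'Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/></ds:SignedInfo></ds:Signature>')
    attr_xml = "".join(f'<saml:Attribute Name="{a}"/>' for a in attrs)
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">{sig}'
            f'<saml:Assertion>{sig if sign_assertion else ""}<saml:Subject>'
            f'<saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID><saml:SubjectConfirmation>'
            '<saml:SubjectConfirmationData Recipient="https://sp.example/acs"/></saml:SubjectConfirmation>'
            '</saml:Subject><saml:Conditions><saml:AudienceRestriction><saml:Audience>example-audience'
            '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement></saml:Assertion></samlp:Response>')
```

An empty list from check_response means the response matches the documented settings; any entry names the field to revisit in the connector.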