Submit a ticket My Tickets
Login  Sign up

OneLogin SAML SSO Setup Guide

This documentation describes the SAML Single Sign-on feature guide for the account/user. The document includes detailed steps for activating the SAML SSO feature and configuration steps for OneLogin. 

To get access to the SAML Single Sign-on for the account/user, the following steps should be completed:

  1. The subscription plan should support SAML Single Sign-on  

  2. The account should be active

  3. The super admin of the account and users should be active


SAML SSO Configuration Steps for OneLogin

  1. Login to the main user’s account

  2. Go to the settings and click on SAML Single Sign-on

  3. Click the Connect Identity Provider button

  1. On the opened page, enter the connection name 

  2. Copy the Assertion Consumer Service URL and add it to the OneLogin app configuration page

Note: OneLogin IdP requires only an ACS URL, so there is no need to provide an Entity ID URL.

  1. Download the SAML metadata from IdP after adding the ACS URL

  1. Upload the downloaded metadata to the platform 

  2. Enable or Disable the “Force IdP Re-authentication” option 

  3. Enable or Disable the “Prepopulate the User Email Address” option

  4. Click the Create Connection button 

  5. Your connection is created!

Note: Make sure your users are assigned to your application. After creating the connection, the main user of the account and sub-users get an opportunity to sign in via SAML SSO. 

There is an opportunity to specify your domains which will be used to sign in via SAML SSO. For instance, if we add it means only the email addresses registered on the platform and IdP side, which include will be allowed to sign in via SSO. If the domains are not added, all your email addresses will be allowed to sign in via a SAML connection. 



  1. Once the connection is created, all the users in your account will be able to sign in via SAML SSO. The standard flow for signing in using credentials and Oauth (Google, Microsoft) is not available for account sub-users if the SAML connection is created. If you disconnect SAML, the standard sign-in flows will be available.

  2. The main user of the account can always sign in using credentials, and OAuth regardless of the SAML connection state.

Before signing in via SAML SSO,  make sure your users on our platform and IdP side are added and their email addresses are the same on both sides. 

Steps to Sign in Via SAML SSO

  1. Navigate to the Sign-in page and click the Sign-in with SSO link

  1. Enter your email address and click the Continue button 

  1. You will be redirected to the OneLogin side to provide the username and password 

  1. After passing the authentication on the OneLogin side, you will be  redirected to your account on our platform 

Information about SAML Single Sign-on Login Session. 

OneLogin requires the username for the 1st sign-in, then only the password.

Contact us for further information, or read our SSO SAML user guide to configure SSO setups for other identity providers. 

PowerDMARC is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.