OneLogin SSO configuration and provisioning
On this page
Introduction
OneLogin provides a smart and simple way to eliminate passwords and automate user management for SolarWinds Service Desk (SWSD). You can integrate Active Directory through OneLogin.
If you don’t already have OneLogin, begin by navigating to the OneLogin home page and proceed to the OneLogin free trial at http://www.onelogin.com/partners/app-partners/samanage. You will be re-directed back into your account and have selected a password. After you’re within your OneLogin account, let's get started on setting up SWSD.
You can simultaneously connect OneLogin and Google.
Navigation
See separate navigation for OneLogin and SWSD below.
Configuration and user provisioning
OneLogin Platform
- From the OneLogin platform, navigate to Apps > Add Apps.
-
Search for SolarWinds that is a SAML 2.0 connector and select it.
You may edit the Display Name if desired.
-
Ensure that SAML2.0 - user provisioning is selected under Connectors.
- Click Save.
- Select the Configuration tab.
-
Enter your account name into the corresponding field.
You can find your Account name by navigating to Setup > Service Portal. Look at the URL listed in the first paragraph. The first section is your account name. Example https://[ACCOUNT NAME].samanage.com.
ESM customers need to edit all domain/account name references to redirect SSO to the organization level. For example:
https://org-ACCOUNTNAME.samanage.com/saml/metadata
orhttps://org.[DOMAINNAME]/saml/metadata -
Enter the credentials of an SWSD administrator account in the API Username and API Password fields.
-
Under API Status, click Enable.
-
Click Save.
-
Select the SSO tab.
-
Copy down the SAML2.0 Endpoint (HTTP) URL.
-
Under the X.509 Certificate, click View Details.
-
Select the Clipboard Icon to copy the entirety of the X.509 Certificate string.
The URL and Certificate is added to SWSD to confirm the SAML SSO connection.
SolarWinds Service Desk
- In SWSD navigate to Setup > Account > Single Sign-On.
-
Place your OneLogin SAML HTTP endpoint on the SAML 2.0 Endpoint(HTTP).
-
For the Logout URL, SolarWinds recommends listing https://[ACCOUNT NAME].onelogin.com.
ESM customers need to edit all domain/account name references to redirect SSO to the organization level. For example:
https://org-ACCOUNTNAME.samanage.com/saml/metadata
orhttps://org.[DOMAINNAME]/saml/metadata -
Paste the entirety of your X.509 Certificate string in the large form.
-
If you wish to enable Just In Time Provisioning, check the following box: Create users if they do not exist.
-
If you plan to disable the current login option (username & password), check the following box: Redirect to the SAML login page when logging into SolarWinds Service Desk by default.
-
Click Update.
After you have completed configuration for both OneLogin and SWSD, navigate to your SolarWinds https://[ACCOUNT NAME].samanage.com to confirm that you are able to log in.
Steps for ESM provisioning
Step 1: Ensure provisioning at the organization level
Before you begin, determine whether your organization has already performed any provisioning.
-
For those who previously provisioned before migrating to ESM
Replace the token in the existing app with the token from the organization. Do not make any changes to the URL.
-
For those who have never provisioned
Provision users to the organization level. If your provisioning provider allows you to provision roles, you can also do that here.
-
Create a dedicated app in your provisioning provider platform.
-
Use the organization token for the provisioning process.
-
Use the organization URL.
-
Step 2: Provision at the service provider level
If you want service providers to be able to create roles and manage them at the service provider level, follow these steps:
-
Create a dedicated app in your provisioning provider platform.
-
Use the organization token for the provisioning process.
-
Use the specific service provider organization URL.
-
-
Repeat the role-provisioning process for any service provider that should be able to create and manage roles.