Integrating your company's Single Sign-On (SSO) solution with the World Manager platform offers a convenient and secure way for all employees to access the platform. By integrating with the popular identity provider (IdP) OneLogin for SSO, you can enable employees to authenticate into your World Manager platform using their existing company credentials. Follow these instructions to configure the integration with OneLogin.
Prerequisites
- Admin access to OneLogin
OneLogin Configuration
Add an Application
1. Log into OneLogin: https://app.onelogin.com/login
2. Go to Applications → Applications
3. Click on the “Add App” button
4. In the (search) text field, enter SAML Custom Connector (Advanced)
5. Click on the “SAML Custom Connector (Advanced)” result that appears (to add)
6. Enter a (unique) name for the app + enable the “Visible in portal” option, then click on the “Save” button
Tip: For the purposes of this article, we have used ‘WM Platform SSO’ as the name. However, we recommend using a name that is unique/specific to your World Manager platform.
Configuration
1. Click on the ‘Configuration’ menu item
2. Complete the following details (below), then click on the “Save” button:
- Audience (Entity ID)
  - In the text field, enter: https://<YourPlatformUrl>/login/saml/metadata/onelogin
- ACS (Consumer) URL Validator
  - In the text field, enter: https://<YourPlatformUrl>/login/saml/onelogin
- ACS (Consumer) URL
  - In the text field, enter: ^https:\/\/<YourPlatformUrl>\/login\/saml\/onelogin
  Important: The ‘ACS (Consumer) URL’ field requires a REGEX version of the ‘ACS (Consumer) URL Validator’ value.
- SAML initiator
  - In the drop-down field, select the “Service Provider” option
- SAML nameID format
  - In the drop-down field, select the “Persistent” option
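The regex form of the ACS URL above escapes only the slashes, so the dots in the hostname match any character and nothing anchors the end. The following added example (not part of the original article or of OneLogin's or World Manager's code) compares that pattern with a fully escaped, end-anchored one; the host wm.example.com and the sample URLs are constructed, and Python's re.search stands in for the IdP's matcher, whose exact matching semantics are an assumption here.

```python
import re

ACS_PATH = "/login/saml/onelogin"  # path given in the article


def page_style_pattern(host):
    """Regex form as in the article's sample: only the slashes escaped."""
    return "^" + f"https://{host}{ACS_PATH}".replace("/", r"\/")


def strict_pattern(host):
    """Same URL with every metacharacter escaped and both ends anchored."""
    escaped = re.escape(f"https://{host}{ACS_PATH}").replace("/", r"\/")
    return f"^{escaped}$"


def accepts(pattern, url):
    """True if the pattern would let this ACS URL through."""
    return re.search(pattern, url) is not None


# Constructed sample values; wm.example.com is a placeholder host.
HOST = "wm.example.com"
CANDIDATES = [
    "https://wm.example.com/login/saml/onelogin",        # intended ACS URL
    "https://wmxexample.com/login/saml/onelogin",        # "." matched "x"
    "https://wm.example.com/login/saml/onelogin/other",  # trailing path
]

if __name__ == "__main__":
    for url in CANDIDATES:
        print(url,
              accepts(page_style_pattern(HOST), url),
              accepts(strict_pattern(HOST), url))
```

Only the first candidate passes the strict pattern, while all three pass the slash-only pattern.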
Parameters
1. Click on the ‘Parameters’ menu item
2. Action the following (below) to create attributes (aka fields):
- Email
  - Click on the “+” button
  - In the ‘Field name’ field, enter email
  - Under the ‘Flags’ section, check the “Include in SAML assertion” option
  - Click on the “Save” button
  - In the ‘Value’ drop-down, select the Email option
  - Click on the “Save” button
  Important: You can only use a valid email address as the identifier value.
- First Name
  - Click on the “+” button
  - In the ‘Field name’ field, enter firstName
  - Under the ‘Flags’ section, check the “Include in SAML assertion” option
  - Click on the “Save” button
  - In the ‘Value’ drop-down, select the First Name option
- Last Name
  - Click on the “+” button
  - In the ‘Field name’ field, enter lastName
  - Under the ‘Flags’ section, check the “Include in SAML assertion” option
  - Click on the “Save” button
  - In the ‘Value’ drop-down, select the Last Name option
Once finished, you should be left with something like this:
Important: To ensure correct functionality, all attribute names must be entered exactly as specified.
SSO
1. Click on the ‘SSO’ menu item
2. Under the ‘Enable SAML2.0’ section, action the following (below):
- Copy the ‘Issuer URL’ value
- Copy the ‘SAML 2.0 Endpoint (HTTP)’ value
- Under the ‘X.509 Certificate’ field, click on the “View Details” link
- Under the ‘X.509 Certificate’ field, click on the “Download” button
Important: Keep this information handy, as it will be required in later steps.
Create User Attributes
1. Go to Users → Custom User Fields
2. Action the following (below) to create attributes (aka fields):
- Group UUIDs
  - Click on the “New User Field” button
  - In the ‘Name’ field, enter Group UUIDs
  - In the ‘Shortname’ field, enter groupUuids
  - Click on the “Save” button
- Country UUIDs
  - Click on the “New User Field” button
  - In the ‘Name’ field, enter Country UUIDs
  - In the ‘Shortname’ field, enter countryUuids
  - Click on the “Save” button
- Area UUIDs
  - Click on the “New User Field” button
  - In the ‘Name’ field, enter Area UUIDs
  - In the ‘Shortname’ field, enter areaUuids
  - Click on the “Save” button
- Store UUIDs
  - Click on the “Save and Add Another” button
  - In the ‘Name’ field, enter Store UUIDs
  - In the ‘Shortname’ field, enter storeUuids
  - Click on the “Save” button
Once finished, you should be left with something like this:
Important: To ensure correct functionality, all attribute (aka short) names must be entered exactly as specified.
Tip: Whilst not required, we recommend ordering these fields as Group UUIDs, Country UUIDs, Area UUIDs, then Store UUIDs, as this is the field order within your World Manager platform. To reorder them, click, hold and drag the custom fields above or below each other.
Add User Attributes to App
1. Go (back) to Applications → Applications
2. Click on the name of the app you created (to edit)
3. Click on the ‘Parameters’ tab
4. Action the following (below) to create (additional) attributes (aka fields):
- Group UUIDs
  - Click on the “+” button
  - In the ‘Field name’ field, enter groupUuids
  - Under the ‘Flags’ section, action the following (below):
    - Check the “Include in SAML assertion” option
    - Check the “Multi-value parameter” option
  - Click on the “Save” button
  - Under the ‘Default if no value selected’ section, action the following (below):
    - Drop-down #1: Select the Group UUIDs (Custom) option
    - Drop-down #2: Select the “Semicolon Delimited input (Multi-value output)” option
  - Click on the “Save” button
- Country UUIDs
  - Click on the “+” button
  - In the ‘Field name’ field, enter countryUuids
  - Under the ‘Flags’ section, action the following (below):
    - Check the “Include in SAML assertion” option
    - Check the “Multi-value parameter” option
  - Click on the “Save” button
  - Under the ‘Default if no value selected’ section, action the following (below):
    - Drop-down #1: Select the Country UUIDs (Custom) option
    - Drop-down #2: Select the “Semicolon Delimited input (Multi-value output)” option
  - Click on the “Save” button
- Area UUIDs
  - Click on the “+” button
  - In the ‘Field name’ field, enter areaUuids
  - Under the ‘Flags’ section, action the following (below):
    - Check the “Include in SAML assertion” option
    - Check the “Multi-value parameter” option
  - Click on the “Save” button
  - Under the ‘Default if no value selected’ section, action the following (below):
    - Drop-down #1: Select the Area UUIDs (Custom) option
    - Drop-down #2: Select the “Semicolon Delimited input (Multi-value output)” option
  - Click on the “Save” button
- Store UUIDs
  - Click on the “+” button
  - In the ‘Field name’ field, enter storeUuids
  - Under the ‘Flags’ section, action the following (below):
    - Check the “Include in SAML assertion” option
    - Check the “Multi-value parameter” option
  - Click on the “Save” button
  - Under the ‘Default if no value selected’ section, action the following (below):
    - Drop-down #1: Select the Store UUIDs (Custom) option
    - Drop-down #2: Select the “Semicolon Delimited input (Multi-value output)” option
  - Click on the “Save” button
Once finished, you should be left with something like this:
Create Role for App
1. Go to Users → Roles
2. Click on the “New Role” button
3. Enter a name for the app + click on the app you created, then click on the “Save” button
4. Click on the ‘Users’ tab
5. In the text field, enter the name of a user you wish to add to the role + click on the “Check” button, then click on the “Add To Role” link
6. Repeat step 5 to assign the role for all applicable accounts
7. Click on the “Save” button (when finished)
Assign UUID Values
1. Go to Users → Users
2. Find + open the properties of a user you wish to configure UUID data for
3. Under the ‘Custom Fields’ section, action the following (below):
- Group UUIDs
  - In the text field, enter a valid Group UUID value
  Tip: Currently, it is not possible to obtain Group UUID data from within the platform. Please either contact our Support Team, or use our SOAP API.
- Country UUIDs
  - In the text field, enter a valid Country UUID value (or values)
- Area UUIDs
  - In the text field, enter a valid Area UUID value (or values)
- Store UUIDs
  - In the text field, enter a valid Store UUID value (or values)
Note: In order to assign multiple UUIDs, separate the values with a semicolon (;), e.g. value1;value2.
Important: Not all attributes can be assigned multiple UUID values, as it is dependent on the role the user's account group belongs to. See table below that outlines the data allowed per role:
Role(s) | Group UUIDs | Country UUIDs | Area UUIDs | Store UUIDs |
---|---|---|---|---|
World Manager | 1x | | | |
National Manager (multi-country) | 1x | Multiple | | |
Area Manager (multi-area) | 1x | | Multiple | |
General Manager, Store Manager, Employee (multi-store) | 1x | | | Multiple |
4. Click on the “Save” button
5. Click on the “Save User” button (to save)
6. Repeat steps 2 through 4 to assign UUID values for all applicable accounts
UUID Data Requirement
To successfully authenticate a user via SSO, there is a bare minimum requirement of UUID data that needs to be provided, which is dependent on the role the user's account group belongs to. See table below that outlines the data required per role:
Role(s) | Group UUID | Country UUID | Area UUID | Store UUID |
---|---|---|---|---|
World Manager | ✅ | | | |
National Manager | ✅ | ✅ | | |
Area Manager | ✅ | | ✅ | |
General Manager, Store Manager, Employee | ✅ | | | ✅ |
To elaborate on the above, if you were creating a ‘Store Manager’ account, you would only need to provide valid ‘Group UUID’ and ‘Store UUID’ values. The ‘Country UUID’ and ‘Area UUID’ values are not required.
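Because these UUIDs decide which group, country, area or store a user is scoped to after SSO, it helps to check the custom field values before they are sent in an assertion. The following added example (not part of the original article or of World Manager's code) applies the two per-role tables to one user's semicolon-delimited fields; it assumes the UUIDs use the standard textual UUID format and reads a blank table cell as "at most one value", and the function names are hypothetical.

```python
import uuid

# Field that may hold several values per role (the "Multiple" cells in the
# article's table); every other field is limited to a single value.
MULTI_FIELD = {
    "World Manager": None,
    "National Manager": "countryUuids",
    "Area Manager": "areaUuids",
    "General Manager": "storeUuids",
    "Store Manager": "storeUuids",
    "Employee": "storeUuids",
}
FIELDS = ("groupUuids", "countryUuids", "areaUuids", "storeUuids")


def split_values(raw):
    """Split a semicolon-delimited custom field, dropping empty items."""
    return [v.strip() for v in (raw or "").split(";") if v.strip()]


def check_user(role, fields):
    """Return a list of problems for one user's custom field values."""
    if role not in MULTI_FIELD:
        return [f"unknown role: {role}"]
    multi = MULTI_FIELD[role]
    # Minimum data per role: the group plus the role's own scope field.
    required = {"groupUuids"} | ({multi} if multi else set())
    problems = []
    for name in FIELDS:
        values = split_values(fields.get(name))
        if name in required and not values:
            problems.append(f"{name}: required for {role}")
        if len(values) > 1 and name != multi:
            problems.append(f"{name}: only one value allowed for {role}")
        for v in values:
            try:
                uuid.UUID(v)  # assumption: standard UUID text format
            except ValueError:
                problems.append(f"{name}: not a UUID: {v!r}")
    return problems
```

An empty list means the user's fields satisfy both tables for the given role.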
World Manager Configuration
Contact Support
All SSO-related configuration on the World Manager end is handled by the Support Team and is not visible within the platform. So, whenever you are ready to enable this authentication method, please send an email to wmsupport@franconnect.com with the following details:
- ‘Issuer URL’ value
- ‘SAML 2.0 Endpoint (HTTP)’ value
- X.509 Certificate file
Note: These values are from the 'SSO' section that you were previously instructed to download/copy.