SSO Configuration: OneLogin

Integrating your company's Single Sign-On (SSO) solution with the World Manager platform offers a convenient and secure way for all employees to access the platform. By integrating with the popular identity provider (IdP) OneLogin for SSO, you can enable employees to authenticate into your World Manager platform using their existing company credentials. Follow these instructions to configure the integration with OneLogin.

Prerequisites

  • Admin access to OneLogin

OneLogin Configuration

Add an Application

1. Log into Okta: https://app.onelogin.com/login

2. Go to Applications → Applications

3. Click on the “Add App” button

4. In the (search) text field, enter SAML Custom Connector (Advanced)

5. Click on the “SAML Custom Connector (Advanced)” result that appears (to add)

6. Enter a (unique) name for the app + enable the “Visible in portal” option, then click on the “Save” button

Tip: For the purposes of this article, we have used ‘WM Platform SSO’ as the name. However, we recommend using a name that is unique/specific to your World Manager platform.

Configuration

1. Click on the ‘Configuration’ menu item

2. Complete the following details (below), then click on the “Save” button:

  • Audience (Entity ID)
    • In the text field, enter: https://<YourPlatformUrl>/login/saml/metadata/onelogin
  • ACS (Consumer) URL Validator
    • In the text field, enter: https://<YourPlatformUrl>/login/saml/onelogin
  • ACS (Consumer) URL
    • In the text field, enter: ^https:\/\/<YourPlatformUrl>\/login\/saml\/onelogin

Important: The ‘ACS (Consumer) URL’ field requires a REGEX version of the ‘ACS (Consumer) URL Validator’ value.

  • SAML initiator
    • In the drop-down field, select the “Service Provider” option
  • SAML nameID format
    • In the drop-down field, select the “Persistent” option

Parameters

1. Click on the ‘Parameters’ menu item

2. Action the following (below) to create attributes (aka fields):

  • Email
    • Click on the “+” button
    • In the ‘Field name’ field, enter email
    • Under the ‘Flags’ section, check the “Include in SAML assertion” option
    • Click on the “Save” button
    • In the ‘Value’ drop-down, select the Email option
    • Click on the “Save” button

Important: You can only use a valid email address as the identifier value.

  • First Name
    • Click on the “+” button
    • In the ‘Field name’ field, enter firstName
    • Under the ‘Flags’ section, check the “Include in SAML assertion” option
    • Click on the “Save” button
    • In the ‘Value’ drop-down, select the First Name option
  • Last Name
    • Click on the “+” button
    • In the ‘Field name’ field, enter lastName
    • Under the ‘Flags’ section, check the “Include in SAML assertion” option
    • Click on the “Save” button
    • In the ‘Value’ drop-down, select the Last Name option

Once finished, you should be left with something like this:

Important: To ensure correct functionality, all attribute names must be entered exactly as specified.

SSO

1. Click on the ‘SSO’ menu item

2. Under the ‘Enable SAML2.0’ section, action the following (below):

  • Copy the ‘Issuer URL’ value
  • Copy the ‘SAML 2.0 Endpoint (HTTP)’ value
  • Under the ‘X.509 Certificate’ field, click on the “View Details” link

  • Under the ‘X.509 Certificate’ field, click on the “Download” button

Important: Keep this information handy, as it will be required in later steps.

Create User Attributes

1. Go to Users → Custom User Fields

2. Action the following (below) to create attributes (aka fields):

  • Group UUIDs
    • Click on the “New User Field” button
    • In the ‘Name’ field, enter Group UUIDs
    • In the ‘Shortname’ field, enter groupUuids
    • Click on the “Save” button
  • Country UUIDs
    • Click on the “New User Field” button
    • In the ‘Name’ field, enter Country UUIDs
    • In the ‘Shortname’ field, enter countryUuids
    • Click on the “Save” button
  • Area UUIDs
    • Click on the “New User Field” button
    • In the ‘Name’ field, enter Area UUIDs
    • In the ‘Shortname’ field, enter areaUuids
    • Click on the “Save” button
  • Store UUIDs
    • Click on the “Save and Add Another” button
    • In the ‘Name’ field, enter Store UUIDs
    • In the ‘Shortname’ field, enter storeUuids
    • Click on the “Save” button

Once finished, you should be left with something like this:

Important: To ensure correct functionality, all attribute (aka short) names must be entered exactly as specified.

Tip: Whilst not required, we recommend sorting the order of these fields to go by; Group UUIDs, Country UUIDs, Area UUIDs then Store UUIDs, as this is the field order within your World Manager platform. This can be achieved by clicking, holding and dragging the custom fields above/below each other.

Add User Attributes to App

1. Go (back) to Applications → Applications

2. Click on the name of the app you created (to edit)

3. Click on the ‘Parameters’ tab

4. Action the following (below) to create (additional) attributes (aka fields):

  • Group UUIDs
    • Click on the “+” button
    • In the ‘Field name’ field, enter groupUuids
    • Under the ‘Flags’ section, action the following (below):
      • Check the “Include in SAML assertion” option
      • Check the “Multi-value parameter” option
    • Click on the “Save” button
    • Under the ‘Default if no value selected’ section, action the following (below):
      • Drop-down #1: Select the Group UUIDs (Custom) option
      • Drop-down #2: Select the “Semicolon Delimited input (Multi-value output)” option
    • Click on the “Save” button
  • Country UUIDs
    • Click on the “+” button
    • In the ‘Field name’ field, enter countryUuids
    • Under the ‘Flags’ section, action the following (below):
      • Check the “Include in SAML assertion” option
      • Check the “Multi-value parameter” option
    • Click on the “Save” button
    • Under the ‘Default if no value selected’ section, action the following (below):
      • Drop-down #1: Select the Country UUIDs (Custom) option
      • Drop-down #2: Select the “Semicolon Delimited input (Multi-value output)” option
    • Click on the “Save” button
  • Area UUIDs
    • Click on the “+” button
    • In the ‘Field name’ field, enter areaUuids
    • Under the ‘Flags’ section, action the following (below):
      • Check the “Include in SAML assertion” option
      • Check the “Multi-value parameter” option
    • Click on the “Save” button
    • Under the ‘Default if no value selected’ section, action the following (below):
      • Drop-down #1: Select the Area UUIDs (Custom) option
      • Drop-down #2: Select the “Semicolon Delimited input (Multi-value output)” option
    • Click on the “Save” button
  • Store UUIDs
    • Click on the “+” button
    • In the ‘Field name’ field, enter storeUuids
    • Under the ‘Flags’ section, action the following (below):
      • Check the “Include in SAML assertion” option
      • Check the “Multi-value parameter” option
    • Click on the “Save” button
    • Under the ‘Default if no value selected’ section, action the following (below):
      • Drop-down #1: Select the Store UUIDs (Custom) option
      • Drop-down #2: Select the “Semicolon Delimited input (Multi-value output)” option
    • Click on the “Save” button

Once finished, you should be left with something like this:

Create Role for App

1. Go to Users → Roles

2. Click on the “New Role” button

3. Enter a name for the app + click on the app you created, then click on the “Save” button

4. Click on the ‘Users’ tab

5. In the text field, enter the name of a user you wish to add to the role + click on the “Check” button, then click on the “Add To Role” link

6. Repeat step 5 to assign the role for all applicable accounts

7. Click on the “Save” button (when finished)

Assign UUID Values

1. Go to Users → Users

2. Find + open the properties of a user you wish to configure UUID data for

3. Under the ‘Custom Fields’ section, action the following (below):

  • Group UUIDs
    • In the text field, enter a valid Group UUID value

Tip: Currently, it is not possible to obtain Group UUID data from within the platform. Please either contact our Support Team, or use our SOAP API.

  • Country UUIDs
    • In the text field, enter a valid Country UUID value (or values)
  • Area UUIDs
    • In the text field, enter a valid Area UUID value (or values)
  • Store UUIDs
    • In the text field, enter a valid Store UUID value (or values)

Note: In order to assign multiple UUIDs, separate the values with a semicolon ; - e.g. value1;value2.

Important: Not all attributes can be assigned multiple UUID values, as it is dependent on the role the user's account group belongs to. See table below that outlines the data allowed per role:

Role(s) Group UUIDs Country UUIDs Area UUIDs Store UUIDs
World Manager 1x      
National Manager (multi-country) 1x Multiple    
Area Manager (multi-area) 1x   Multiple  
General Manager, Store Manager, Employee (multi-store) 1x     Multiple

4. Click on the “Save” button

5. Click on the “Save User" button (to save)

6. Repeat steps 2 through 4 to assign UUID values for all applicable accounts

UUID Data Requirement

To successfully authenticate a user via SSO, there is a bare minimum requirement of UUID data that needs to be provided, which is dependent on the role the user's account group belongs to. See table below that outlines the data required per role:

Role(s) Group UUID Country UUID Area UUID Store UUID
World Manager      
National Manager    
Area Manager    
General Manager, Store Manager, Employee    

To elaborate on the above, if you were creating a ‘Store Manager’ account, you would only need to provide valid ‘Group UUID’ and ‘Store UUID’ values. The ‘Country UUID’ and ‘Area UUID’ values are not required.

World Manager Configuration

Contact Support

All SSO-related configuration on the World Manager end is handled by the Support Team and is not visible within the platform. So, whenever you are ready to enable this authentication method, please send an email to wmsupport@franconnect.com with the following details:

  • ‘Issuer URL’ value
  • ‘SAML 2.0 Endpoint (HTTP)’ value
  • Under X.509 Certificate file

Note: These values are from the 'SSO' section that you were previously instructed to download/copy.

Was this article helpful?
0 out of 0 found this helpful