Set Up Single Sign-on with OneLogin

Red Canary supports single sign-on (SSO) to any SAML-compliant identity provider. OneLogin is a commonly used identity provider that you can use to control access to Red Canary.

Step 1: OneLogin–Set up single sign-on

1. Login to your OneLogin Administration portal.

2. Click Apps > Add Apps.

3. Search for and select SAML Test Connector (IdP) (the type should be SAML 2.0).

4. Set Display Name to Red Canary.

5. Click Save.

6. Select the Configuration tab.

7. Set Audience to the value listed in the Red Canary SSO configuration's Entity / Issuer value.

8. Set Recipient to https://.my.redcanary.co/saml_sp/consume

9. Set ACS (Consumer) URL Validator to https://.my.redcanary.co/saml_sp/consume

10. Set ACS (Consumer) URL to https://.my.redcanary.co/saml_sp/consume

11. Select the Parameters tab.

12. Click Add Parameter.

13. Under Field Name, select Email and check Include in SAML assertion.

14. Save all changes in OneLogin. 

15. Click the SSO tab to find the values you will need to enter into Red Canary.

16. Click your user icon at the top right of your Red Canary, and then click Single Sign-On.

17. Paste the certificate you downloaded in the previous step into the Identity Provider x509 Cert (Base64 encoded) field.

18. Set Identity Provider SSO Target URL to the OneLogin application's SAML 2.0 Endpoint (HTTP).

19. Set Identity Provider SLO Target URL to the OneLogin Application's SLO Endpoint (HTTP).

20. Set Identity Provider Entity ID to the OneLogin application's Issuer URL.

21. Set Email Attribute to Email.

22. Check This SSO configuration should be active (found at the top of the page).

23. Click Save.