SSO (SAML 2.0) Integration with OneLogin

Follow these directions to integrate ContractSafe with OneLogin

Initial Setup

1. From the admin page, navigate to the Applications panel
2. In the top right corner, click Add App
   
3. Search for and select SAML Custom Connector (Advanced)
4. Rename the application to your liking. We like to use “ContractSafe”
5. Click the Save button in the top right corner
6. Optionally, assign a logo to your application. We use this logo:
   

Configuration

1. Login to ContractSafe
   1. Go to Settings > Security & Integrations and enable Single SignOn
   2. Click Generate to obtain a Saml2 Single Sign On URL and copy it for use later
   3. In the Email Identifier name field enter emailAddress
      
2. Back in Onelogin, navigate to Configuration from the panel on the left
   hand side
   1. Paste the url we copied above into Audience, Recipient, and ACS
      (Consumer) URL
   2. In ACS (Consumer) URL Validator paste the same url but with a
      backslash (\) character inserted before each forward slash, period,
      and underscore. See example image below
      
   3. Change the SAML issuer type to Generic
   4. Change the SAML signature element to Both
3. From the panel on the left, navigate to Parameters
   1. Click the blue plus symbol on the right to add a new parameter
      
   2. In Field name type emailAddress and check the Include in SAML
      assertion checkbox. Then click Save
   3. Select Email from the Value dropdown and click Save
4. From the panel on the left, navigate to SSO
   1. Under SAML Signature Algorithm select SHA-256
5. From the Users page, ensure that all users (or groups) allowed access to
   ContractSafe are listed here. Email addresses must match between
   Onelogin and ContractSafe.
6. Click More Actions > SAML Metadata to download a metadata file
7. Back in ContractSafe Settings > Security and Integrations, upload that
   metadata file and click Save
8. Finally, navigate to your OneLogin homepage to test your new login
   button!