This article is intended to get you up and running with OneLogin as your SSO provider with Nucleus.
Note: You will need superadmin access within your OneLogin console to set up the Nucleus app.
You will need to tell your Nucleus support representative that you are setting up SSO. They will send you the relevant information to interface with your Nucleus instance, including relevant URLs.
1. Log into your OneLogin console
2. Click the Administration link in the top right of the screen.
3. Navigate to Applications > Applications
4. Click Add App
5. Search saml test in the search bar
6. Scroll down the list until you find SAML Test Connector (Advanced)
Note: This should be the first entry in the list
7. Add the following information:
- Display Name: This should be a descriptive name for the application so you know what it is in your list of apps. This is what your employees will see in their OneLogin consoles. EX: Nucleus
- Visible in Portal: Generally want to make sure this is enabled so that users can see this application in their console
- Upload an Icon: you are able to upload a Nucleus logo to be displayed with the name
8. Click Save
9. Click the Configuration tab in the lefthand navbar
10. Enter the following information into the resulting window:
- ACS (Consumer) URL Validator: Use the url which was given to you by your Nucleus support representative
- ACS (Consumer) URL: Use the url which was given to you by your Nucleus support representative
- Login URL: Use the url which was given to you by your Nucleus support representative
- (Optional) SAML not valid before: Can use the default settings here, but change based on your organization's policy
- Leave everything else the same
An example configuration (For close up view, right click on the image and select Open Image in New Tab):
11. Click on the Parameters tab in the lefthand sidebar
12. Click the + button to add the following parameters (IMPORTANT: Make sure that "Include in SAML assertion" is checked for all parameters as added):
- email: Value of Email
- firstname: Value of First Name
- lastname: Value of Last Name
- (Optional) group: This allows Nucleus to see which groups the user belongs to for the app, and allows you to manage all user permissions to Nucleus through OneLogin
- (Optional) roles: This allows Nucleus to see which groups the user belongs to for the app, and allows you to manage all user permissions to Nucleus through OneLogin
Final Result (For close up view, right click on the image and select Open Image in New Tab):
13. Click on the Access Tab in the lefthand sidebar
14. Add whichever users and roles you would like to add to the Nucleus SSO application
15. Click on the More Actions dropdown in the top righthand corner of the screen and select Download SAML metadata
16. Save the xml file and Send it to your Nucleus support representative.
17. Click Save in the top right corner of the OneLogin browser window
You are all done! Once you send over your SAML metadata, your organization should be enabled for SSO within 24 hours. Your Nucleus support representative will have more information for you.