Set-Up SSO with OneLogin

Modified on Mon, Sep 30, 2024 at 5:27 PM

This step-by-step guide explains how to set up SINGLE SIGN-ON (SSO) in the Wellness360 admin portal with OneLogin as your SAML 2.0 Identity Provider (IdP).

 

SAML SSO with OneLogin can be either of the following:

  • Service Provider Initiated SSO (SP-initiated): Users can log in to the Wellness360 user portal, and OneLogin will authenticate the user.


  • Identity Provider Initiated SSO (IdP-initiated): Users can log in to OneLogin and select the Wellness360 portal and app.

 

Note:

  • To configure SSO and create a SAML application for Wellness360 with OneLogin, you must have administrative access to both OneLogin and the Wellness360 Admin portal.

  • The same login credentials must be used for Wellness360 and OneLogin.

 

Steps to Configure SSO with OneLogin:

 

Step 1. You will need to add Wellness360 as an application for OneLogin

1. From the menu at the top, navigate to Applications and then click on Applications.

2. In the upper right, click the Add App button.

3. In the search box, enter SAML Custom and then click SAML Custom Connector (Advanced).

4. A new Configuration window will open. In Display Name, enter a name for your app, such as Wellness360, and then click the Save button.

5. After you click Save, a new application is created, where you need to fill in the details to complete the setup.



Step 2. Configuring in OneLogin

  1. In OneLogin, find 'Configuration' on the left sidebar and click on it. 

  2. In the RelayState field, enter your company's user portal URL, for example: https://yourcompany.livewellness360.com/samlsso. Make sure to replace yourcompany with your actual company name. If you're not sure about your company URL, please contact your account manager or email our support channel at support@wellness360.co

  3. In the Recipient and ACS (Consumer) URL and Validator fields, please enter the URL given here: https://api.livewellness360.com/saml/SSO as shown in the image below.

  4. While in the Configuration section, scroll down to find the SAML encryption method and use the drop-down to change it to AES-256-CBC, as shown in the image below.

  5. Click on the 'Save' icon located in the top right corner of the window.



Step 3. Adding parameters in OneLogin

Select Parameters from the left sidebar in OneLogin, and click the "+" to add parameters.

Add the following parameters:

1. Field name: firstName. Click on Save, then change the value to First Name, make sure to check "Include in SAML assertion", and click on Save to add the parameter.

2. Field name: lastName. Click on Save, then change the value to Last Name, make sure to check "Include in SAML assertion", and click on Save to add it to the list.

3. Field name: Email. Click on Save, then change the value to Email, make sure to check "Include in SAML assertion", and click on Save to add it to the list.

4. Click on 'Save'.

 

Step 4. SSO configuration in OneLogin.

1. In OneLogin, find SSO on the left sidebar and click on it.

2. On the SSO tab, change the SAML Signature Algorithm from SHA-1 to SHA-256 and click on Save.

3. While on the SSO tab, take note of the following information:

  • Issuer URL: Copy the Issuer URL from the SSO section in OneLogin by selecting the 'Copy to Clipboard' icon. Save this URL somewhere so that you can use it when configuring SSO settings in the Wellness360 Admin Portal.
  • IDP Metadata File: Click on the More Actions icon at the top right corner, find SAML Metadata in the drop-down, and click on it to download the file. This file is used to configure the SSO settings in the Wellness360 Admin Portal.


Step 5. Configuring SSO Settings in Wellness360 Admin Portal.


Note: Only the wellness program administrator will be able to perform the steps discussed below.


1. Log in to your Wellness360 portal admin account. Click on the SSO Settings tab on the left menu bar.

2. Once in the SSO settings window, you will need to enter the following:

  • Entity ID 
  • Identifier 
  • Upload IDP Metadata File.


  • Entity ID: To obtain the correct Entity ID, please copy only the last segment of the Issuer URL provided in your OneLogin SSO configuration. For example:
    https://app.onelogin.com/saml/metadata/7490d633-2710-4faf-8ae1-8ef785dcf7af. You should copy 7490d633-2710-4faf-8ae1-8ef785dcf7af and paste it into the Entity ID field on Wellness360's SSO Settings page, as illustrated in the image below.
    Note: This URL is just an example; you will receive a unique Issuer URL specific to your organization during the OneLogin configuration.

  • Identifier: Copy the Issuer URL from the SSO section in OneLogin by selecting the 'Copy to Clipboard' icon. Paste the value into the Identifier URL field in Wellness360.

  • IDP Metadata File: You must attach the downloaded IDP Metadata file in the Wellness360 Admin Portal under the SSO settings tab, as seen below.

After adding the Metadata File to the Wellness360 Admin Portal, click on Save. A Secret Key is then generated here, and clicking on Update will save the SSO Settings in the Wellness360 Admin Portal.

 

OneLogin value          | Wellness360 Field
------------------------|--------------------------------------
Issuer URL last field   | Entity ID
Issuer URL              | Identifier URL
SAML Metadata           | IDP Metadata File for authentication
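Before uploading, the downloaded metadata file can be cross-checked against the Issuer URL you copied. The following is an added example, not Wellness360 or OneLogin code; the sample metadata is constructed (only its entityID comes from this guide), and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample; the entityID is the example Issuer URL used in this guide.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.onelogin.com/saml/metadata/7490d633-2710-4faf-8ae1-8ef785dcf7af">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>PLACEHOLDER-CERT</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.com/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sso_fields(metadata_xml, copied_issuer_url):
    """Return the Wellness360 field values plus any problems found in the metadata."""
    root = ET.fromstring(metadata_xml)
    issuer = root.get("entityID", "")
    problems = []
    # The file and the copied Issuer URL must describe the same OneLogin app.
    if issuer != copied_issuer_url.strip():
        problems.append("metadata entityID differs from the copied Issuer URL")
    # Without a certificate the service provider cannot verify IdP signatures.
    certs = root.findall(".//ds:X509Certificate", NS)
    if not any((c.text or "").strip() for c in certs):
        problems.append("no IdP signing certificate in metadata")
    for svc in root.findall(".//md:SingleSignOnService", NS):
        if not svc.get("Location", "").startswith("https://"):
            problems.append("SSO endpoint is not HTTPS: " + svc.get("Location", ""))
    return {"Entity ID": issuer.rstrip("/").rsplit("/", 1)[-1],  # last URL segment
            "Identifier": issuer,
            "problems": problems}


if __name__ == "__main__":
    url = "https://app.onelogin.com/saml/metadata/7490d633-2710-4faf-8ae1-8ef785dcf7af"
    print(sso_fields(SAMPLE_METADATA, url))
```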


Step 6. Enforce SSO for your organization

In OneLogin, assign Wellness360 to all users. All the users must have the same email addresses for Wellness360 and OneLogin. 

When SAML SSO is enforced, all the users will be logged out of their accounts. When they sign in again to their Wellness360 portal, they will be required to use SSO to log in.
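To confirm that the Step 2 and Step 4 settings took effect, an administrator can capture the SAMLResponse form value from their own test login and inspect it. This is an added example, not Wellness360 or OneLogin code; it assumes the HTTP-POST binding, a response-level signature and an encrypted assertion, and the sample response is constructed and still uses SHA-1 to show what a missed Step 4 looks like.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
ACS_URL = "https://api.livewellness360.com/saml/SSO"           # Step 2, item 3
AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"     # Step 2, item 4

# Constructed, heavily trimmed response (no real signature value or ciphertext).
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
    Destination="https://api.livewellness360.com/saml/SSO">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:EncryptedAssertion><xenc:EncryptedData>
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
  </xenc:EncryptedData></saml:EncryptedAssertion>
</samlp:Response>"""


def audit_saml_response(b64_response):
    """Return a list of findings for a base64-encoded SAMLResponse value."""
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    if root.get("Destination") != ACS_URL:
        findings.append("Destination is not the ACS URL from Step 2")
    # Step 4: the signature algorithm should be a SHA-256 variant, not SHA-1.
    sig = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if sig is None:
        findings.append("no response-level signature visible")
    elif not sig.get("Algorithm", "").endswith("-sha256"):
        findings.append("signature algorithm is " + sig.get("Algorithm", ""))
    # Step 2: the assertion's data encryption method should be AES-256-CBC.
    enc = root.find(".//xenc:EncryptedData/xenc:EncryptionMethod", NS)
    if enc is None:
        findings.append("no encrypted assertion found")
    elif enc.get("Algorithm") != AES256_CBC:
        findings.append("encryption method is " + enc.get("Algorithm", ""))
    return findings


if __name__ == "__main__":
    print(audit_saml_response(base64.b64encode(SAMPLE.encode())))
```

An empty list means the response matches the settings chosen in this guide; the script only reads algorithm identifiers and does not verify the signature itself.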


If you have any questions or would like additional help, please reach out to Wellness360 support for further assistance.

