OneLogin

SSO integration configuration is done with both OneLogin and OpsRamp. The configuration sets up redirects to the custom branded URL.

Prerequisite

• Partners must register with OpsRamp to get OpsRamp login credentials.
• Provide your custom branding URL (such as <yourwebsitename>.opsramp.com).

OneLogin configuration

To configure SSO integration:

1. From the OneLogin console, select the Applications tab and search for the OpsRamp application.
2. Select OpsRamp application name.
3. Click the Configuration tab, enter the subdomain setting and click Save. Note that the Subdomain setting refers to the custom branding URL.
4. From the SSO tab, copy the following (required for configuration):
   • Issuer URL
   • SAML EndPoints for HTTP
   • x.509 Certificate.

OpsRamp configuration

To configure SSO integration:

1. From All Clients, select a client.

2. Navigate to Setup > Account.

3. Select the Integrations and Apps tab.

4. The Installed Integrations page, where all the installed applications are displayed. Note: If there are no installed applications, it will navigate to the Available Integrations and Apps page.

5. Click + ADD on the Installed Integrations page. The Available Integrations and Apps page displays all the available applications along with the newly created application with the version.
   

6. Search for OneLogin using the search option available. Alternatively, use the All Categories option to search.

7. Click +Add on the OneLogin tile.

   

8. Enter the following information in the Configuration page:

   • Metadata XML: Upload the XML file. This file will have all the information related to Issuer URL, Redirection URL, Logout URL, and Certificate. After you upload the Metadata XML file, these fields are automatically populated.
     Alternatively, you can enter the information in the fields manually.
   • Issuer URL: Identity provider Issuer URL
   • Redirection URL: SAML EndPoints for HTTP
   • Logout URL: URL for logging out
   • Certificate: x.509 Certificate
     
     

9. Provision Username as: There are two ways to provision a user. Select the appropriate option:

   • Identify Provider’s Name Identifier option is selected by default. The user which is created in the SSO portal will reflect in OpsRamp.

   • Identify Provider’s Name Identifier with OpsRamp tenant-unique prefix: This option allows you to:

     • Create usernames with a unique 3-digit alphanumeric prefix, that is generated automatically by the system.
     • Install the same identity provider across multiple OpsRamp tenants.
       Note: Once you enable this option and install the integration, you cannot revert your changes.
       Example: There are three partners, Partner P1, P2, and P3. Each partner has usernames created with unique 3-digit alphanumeric prefix, like g0z.username1 for partner P1, p0w.username1 for partner P2, and t9q.username1 for partner P3.
       
       

10. Click Next.

11. In the Inbound page:
    User Provision:

    • Select the following details and click Update User Provision:
    • Provision Type: If you select provision type as JIT, JIT user is created during user login.
    • Default Role: The required user role.
      
      

    

12. Define the following Map Attributes:

    Note: The OpsRamp properties Primary Email, First Name, Last Name, and Role are required.
    

    1. Click +Add in the Map Attributes section.
    2. From the Add Map Attributes window, enter the following information:
       

    User:

    1. Select OpsRamp Entity as User and OpsRamp Property as Role.
       Role mapping is required for User and User Group.
       

    

    2. OneLogin Entity: Enter the value.
       
    3. OneLogin Property: Enter the value.
       Similarly, do the role mapping for Primary Email, First Name, and Last Name..
       Under Property Values:
       
    4. OneLogin Property Value: Enter the value that is coming from OneLogin side (from the payload).
       
    5. OneLogin Property Value: Select the appropriate role corresponding to the OneLogin Property Value.
       
    6. Click Save. The mapping is saved and displayed.
       To add more property values click +Property Value.
       User the Filter option to filter the map attributes.

    

    Similarly, map attributes for other entities.

    User Group:

    1. Select OpsRamp Entity as User Group and OpsRamp Property as Role.

    

    2. OneLogin Entity: Enter the value.
       
    3. OneLogin Property: Enter the value.
       Similarly, do the role mapping for Primary Email, First Name, and Last Name..
       Under Property Values:
       
    4. OneLogin Property Value: Enter the value that is coming from OneLogin side (from the payload).
       
    5. OneLogin Property Value: Select the appropriate role corresponding to the OneLogin Property Value.
       
    6. Click Save. The mapping is saved and displayed.
       To add more property values click +Property Value.
    7. Click Add Map Attributes.
       
       
    • Click the three dots (menu icon) available at the end of each row to edit or delete a map attribute.

If the Role is not configured in Map Attributes section, the Default Role provided in the User Provision section is considered for SSO.

13. Click Finish. The integration is installed.