Search Knowledge Base by Keyword
This guide describes the SAML integration process of WinKK Passport to be used as the Identity Provider for OneLogin.
WinKK Passport Initial Configurations
- Open passport.winkk.com/partner, login with your profile, and open the Applications tab.
- Add a new application
- Name – doesn’t matter
- URL – doesn’t matter, can be https://YOUR_ONELOGIN_SUBDOMAIN.onelogin.com
- Interface – select SAML2
- Authentication type – doesn’t matter
- Audience – https://YOUR_ONELOGIN_SUBDOMAIN.onelogin.com/sessions/saml
- ACS URL https://YOUR_ONELOGIN_SUBDOMAIN.onelogin.com/sessions/saml.
- Make sure to replace YOUR_ONELOGIN_SUBDOMAIN with your actual subdomain in OneLogin.
- Log into your domain’s OneLogin account, hover Settings in the top menu and click Trusted IdPs
- Click on NEW TRUST button in the opened screen
- Fill all configs in the following way
- Name (in the top left corner) – doesn’t matter, can be Winkk
- Issuer – Winkk Passport IdP
- Email Domains – any email domains separated by commas to log into with this IdP
- Sign users into OneLogin – should be checked
- Sign users into additional applications – should be checked
- User Attribute Mapping – select Email
- IdP Login URL https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/auth, where YOUR_APPLICATION_ID is the identifier obtained in the previous section
- X.509 Certificate – should be filled with the content of the certificate obtained at passport.winkk.com/partner/example/idp.winkk.com.crt
- Enable encrypted assertions – should be left unchecked
- Click Save
- Set this saved IdP as the default one by clicking MORE ACTIONS -> Set as default Trusted IdP
- The main configurations are done now and WinKK Passport is ready to be used for logons into OneLogin. But it is also required to configure users which will use the created IdP for logons.
To do it navigate to the users management screen – USERS -> All Users
- Then select or add a new user. Make sure his email is filled and he has some Privileges granted
- Switch to the Authentication tab and select previously created IdP as Trusted IDP and SAVE USER
- Now all configured users are able to log into OneLogin with profiles containing a validated email of their account in OneLogin and filled personal information.
Was this article helpful?