This article reviews how MindTouch supports SAML SSO with OneLogin.
- Admin access to MindTouch
- Admin access to OneLogin
- Understand how enabling SAML SSO may affect your implementation or workflows
- Working knowledge of SAML SSO and SLO scenarios
- Understand SAML SSO features supported for OneLogin
How to set up MindTouch SAML SSO in OneLogin
MindTouch has worked directly with OneLogin to provide a streamlined MindTouch SAML SSO setup experience. Follow the steps below to configure MindTouch to be accessed via SAML SSO:
Step 1: Add the MindTouch SAML SSO app
MindTouch SAML SSO is already available as an app in OneLogin. Perform the following to add MindTouch as a sign-in app:
- In OneLogin, navigate to Apps > Add Apps.
- Search for MindTouch and select MindTouch SAML 2.0.
Step 2: Configure your MindTouch app
- In the Configuration tab, enter your MindTouch Hostname. Only include the host name, not the entire URL (e.g. example.mindtouch.us).
- In the Parameters tab, configure the following fields. OneLogin can be configured to send dynamic values from Active Directory or other LDAP records in addition to OneLogin group and role values.
  - Email Address (required). Maps to the email address of authenticating users in MindTouch.
  - Group (optional). Maps to MindTouch groups. Provide the attribute name group (all lowercase) to MindTouch.
    - The default value is MemberOf, which maps to Active Directory groups through OneLogin's Active Directory connector.
    - To provide a list of groups not located in Active Directory, create custom user fields in OneLogin and map the custom user field value to the MindTouch Group field.
  - User Display Name (optional). Maps to the display name of authenticating users in MindTouch.
  - Username. Persistent SAML username to link authenticating MindTouch users to a OneLogin user record.
Step 3: Download the IdP metadata
To download OneLogin IdP metadata and add OneLogin as the trusted SAML SSO IdP in MindTouch, perform the following:
- Click More Actions > SAML Metadata.
- In the SSO tab, navigate to SSO > SLO Endpoint (HTTP) to manually copy the single logout (SLO) endpoint.
- Provide the IdP SAML metadata and SLO endpoint to MindTouch.
Step 4: Allow access to MindTouch SAML SSO
To associate the MindTouch SAML SSO app with a role, perform the following:
- Navigate to Users > Roles > Applications.
- Select the MindTouch application.
- After the role is associated with the app, add the role to a user or group, allowing the user or group of users to access MindTouch SAML SSO.
Need more help?
If you are interested in setting up SSO with OneLogin and have further questions, don't hesitate to reach out to our Support team.