This article explains the steps needed to implement SSO and/or User Provisioning through OneLogin.

Notes:

  • If you use Proxyclick across multiple locations, you’ll need to follow the steps below for every location (1 Proxyclick location = 1 OneLogin app)
  • SSO and User Provisioning are included in our Large and Enterprise plans

 

Single-Sign-On (SSO) based on SAML 2.0

First, go to the Proxyclick Marketplace and install OneLogin.

Step 1: enter your company ID

  • Paste the company ID into OneLogin > Configuration tab

onelogin-user-provisioning-1a

  • Save changes

Step 2: Copy the SSO information

Go to OneLogin > tab “SSO” and copy the following 3 values: certificate, Issuer URL, and SAML 2.0 Endpoint (HTTP).

onelogin-sso-2c

Note: for the certificate, please click on “view details” to copy the full X.509 certificate (see 2 screenshots below)

onelogin-sso-2

onelogin-sso-3Go back to OneLogin configuration page in Proxyclick and paste these 3 values in the Issuer URL, SAML 2.0 Endpoint (HTTP) and Certificate (X.509 Certificate) (including BEGIN and END header and footer) fields.

Click on “Save”.

Your OneLogin connection is ready. You can now use the URL https://saml.proxyclick.com/init/CO-XXXX (where CO-XXXX is your Company ID) to log into Proxyclick using OneLogin SSO or log into OneLogin as a user and chose the Proxyclick app. But you will still need to add users in Proxyclick before you try to login with SSO (you can do it manually, in bulk or via User Provisioning. See next steps to configure User Provisioning with OneLogin).

User provisioning

If you didn’t do it already, go to the Proxyclick Marketplace and install OneLogin.

Step 1. Copy info from your Proxyclick account to OneLogin

  • Go to OneLogin configuration page in Proxyclick and copy the SCIM Base URL, the SCIM JSON Template,  the Custom Headers and the SCIM Bearer Token.

  • Paste them in OneLogin > Configuration > API Connection

onelogin-user-provisioning-1

  • Click the Enable button, the API status will change to Enabled

 

Step 2. Configure User Provisioning

Go to OneLogin > Provisioning tab and perform the following actions:

  • Check the Enable provisioning for Proxyclick option
  • Define admin approval in function of your needs
  • Select action “Delete” when users are deleted in OneLogin (this is important)

onelogin-user-provisioning-3

Then save the changes.

Setting up OneLogin in many locations

User Provisioning

You can configure OnLogin and manage users across multiple locations from a single Proxyclick account.

  1. Connect OneLogin in your main location (follow the steps above)
  2. Click on Multi-location mapping on the OneLogin integration in your Integration List

Important to note: If you do not see the Multi-location mapping button, then it means you are running on an older version of our OneLogin integration. All you have to do is disconnect the integration and then reconnect it before continuing with the remaining steps.

You will then see the list of all the locations for which you’re an Admin. From this list, you can enable/disable User Provisioning for each location independently using the toggle button.


Once enabled, you will be able to either import all users for provisioning in that location or define your own filters for specific users.

You can filter users based on their city and language using the appropriate conditions for each.

Advanced

If you are provisioning the same users in multiple locations, you can use the Advanced menu to force their “home location”. Proxyclick would then use this as the default location for new visits created (e.g., when using the Generic Calendar Integration).

 

Please let us know if you have any questions. We’re here to help!

Print Friendly, PDF & Email