Guide for Drupal Single Sign On (SSO) using Onelogin as Identity Provider (IdP)
OneLogin Single Sign On (SSO) for Drupal miniOrange provides a ready to use solution for Drupal. This solution ensures that you are ready to roll out secure access to your Drupal site using Onelogin within minutes.
Step 1: Configuring Onelogin as Identity Provider (IdP)
- Log into OneLogin as an Administrator and go to Apps Company Apps Add Apps from the Navbar.
- In the search box, type SAML Test Connector Service Provider (SP) and click on the App to add it.
- Enter the display name and click Save.
- In General Settings, enter App Name and click on Next.
- After saving, go to Configuration Tab and enter the following:
- Click on Save.
| Audience | Enter Audience URI from the Serivice Provider Metadata tab of the module. |
| Recipient | Enter Recipient URL from the Serivice Provider Metadata tab of the module. |
| ACS (Consumer) URL Validator | Enter ACS (AssertionConsumerService) URL from the Serivice Provider Metadata tab of the module. |
| ACS (Consumer) URL | Enter ACS (AssertionConsumerService) URL from the Serivice Provider Metadata tab of the module. |
| Single Logout URL | Enter Single Logout URL from the Serivice Provider Metadata tab of the module. |
Step 2: Assigning Groups/People
- Go to SSO tab. Note down the URL/Endpoints. These will be required while configuring the Module.
- Click on View Details in X.509 Certificate heading. Copy the X.509 Certificate textarea value and keep it handy.
Step 3: Configuring Drupal as Service Provider (SP)
- In miniOrange SAML Module, go to Service Provider Setup tab. There are three ways to configure the Module:
- Click on Upload IDP Metadata.
- Upload metadata file and click on Upload.
- Click on Upload IDP Metadata.
- Enter Metadata URL and click on Fetch Metadata.
- Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) and save it.
- Attributes are user details that are stored in your Identity Provider.
- Attribute Mapping helps you to get user attributes from your Identity Provider (IdP) and map them to Drupal user attributes like firstname, lastname etc.
- While auto registering the users in your Drupal site these attributes will automatically get mapped to your Drupal user details.
- In miniOrange SAML Module, go to Mapping tab and fill in all the fields.
Username: Name of the username attribute from IdP (Keep NameID by default) Email: Name of the email attribute from IdP (Keep NameID by default) Group/Role Key: Name of the Role attribute from Identity Provider (IdP) - You can check the Test Configuration Results under Service Provider Setup tab to get a better idea of which values to map here.
- Drupal uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
- Role mapping helps you to assign specific roles to users of a certain group in your Identity Provider (IdP).
- While auto registering, the users are assigned roles based on the group they are mapped to.
- Go to SIGNIN Settings tab. There are multiple features availabe in this tab like Protect your whole site, Auto redirect the user to Identity Provider,auto-create user and Backdoor Login. To use these features, click on the respective checkboxes.
By Uploading Onelogin Metadata File :
By Onelogin Metadata URL :
Manual Configuration :
| Identity Provider Name | Enter your IdP name. For Example : Miniorange |
| IdP Entity ID or Issuer | Issuer URL from the SSO tab in Onelogin |
| SAML Login URL | SAML 2.0 Endpoint (HTTP) from the SSO tab in Onelogin |
| X.509 Certificate | Paste the X.509 Certificate textarea value from the SSO tab in Onelogin |
Step 4: Attribute Mapping. (It is Optional to fill this). This is Premium feature.
Step 5: Role Mapping (It is Optional to fill this). This is Premium feature.
Step 6: Sign In Setting. This is Premium feature.
×
![onelogin_sso_image]()
Business Trial For Free
If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.