
Illumio Administration Guide 25.4

OneLogin Single Sign-on

This section describes how to configure SSO for OneLogin.

Configure SSO for OneLogin

This task shows you how to configure SSO to authenticate users with the PCE using OneLogin as your Identity Provider (IdP).

Before you begin, make sure you have the following information from your OneLogin account:

  • X.509 certificate

  • SAML 2.0 Endpoint (HTTP)

  • SLO Endpoint (HTTP)

Note

To perform this task, your PCE user account must have Owner or Admin privileges.

To configure the PCE for OneLogin SSO:

  1. From the PCE web console menu, choose Settings > SSO Config.

  2. Click Edit.

  3. Select the Enabled checkbox for SAML Status.

  4. Enter the following information:

    • SAML Identity Provider Certificate: Paste your OneLogin X.509 certificate (in PEM text format).

    • Remote Login URL: Enter the OneLogin SAML 2.0 Endpoint (HTTP) URL.

    • Logout Landing URL: Enter the OneLogin SLO Endpoint (HTTP) URL.

  5. In the Information for Identity Provider section, choose the Access Level for the users who use OneLogin to authenticate with the PCE. When you select No Access, SSO users from your OneLogin account will have to be added manually before they can log in to the PCE.

  6. In the Information for Identity Provider section, make note of the following fields:

    • Issuer

    • Assertion source URL

    • Logout URL

      You will enter this information into your OneLogin SSO configuration.

  7. Select the authentication method from the drop-down list:

    • Unspecified: Uses the IdP default authentication mechanism.

    • Password-Protected Transport: The user must log in with a password using a protected session.

  8. To require users to re-enter their login information to access Illumio (even if the session is still valid), select the Force Re-authentication checkbox. This option is disabled by default. When enabled, it allows users to log in to the PCE using a different login than their default computer login.

    Note

    The preferences are used when SSO is configured both in Illumio Segmentation for Data Centers and for the IdP. When SSO is not configured, the default IdP settings are used.

  9. Click Save.

  10. Log in to your OneLogin account.

  11. Select the Illumio Segmentation for Data Centers app, and then click the Configuration tab.

  12. Enter the values copied from the Information for Identity Provider section of the PCE SSO configuration page.

  13. Click Save.

    Your PCE is now configured to use OneLogin SSO to authenticate users with the PCE.
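
A pre-flight check for the three values entered in step 4, added here as an example; it is not Illumio or OneLogin code. It assumes the certificate field takes a single PEM certificate and that both endpoint URLs should use HTTPS; the function names and the sample values are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_idp_certificate(pem_text):
    """Return (problems, sha256_fingerprint) for the text about to be pasted."""
    problems = []
    if "PRIVATE KEY-----" in pem_text:
        problems.append("private key present; paste the certificate only")
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:  # assumption: the field takes a single certificate
        problems.append(f"expected 1 certificate block, found {len(blocks)}")
        return problems, None
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append("certificate body is not valid base64")
        return problems, None
    if not der.startswith(b"\x30"):  # X.509 DER begins with a SEQUENCE tag
        problems.append("decoded body does not look like DER")
    digest = hashlib.sha256(der).hexdigest().upper()
    return problems, ":".join(digest[i:i + 2] for i in range(0, 64, 2))

def check_endpoint(label, url):
    """Return a list of problems for a Remote Login or Logout Landing URL."""
    parts = urlsplit(url.strip())
    problems = []
    if parts.scheme != "https":
        problems.append(f"{label}: scheme is {parts.scheme or 'missing'}, expected https")
    if not parts.hostname:
        problems.append(f"{label}: no host name")
    if parts.username or parts.password:
        problems.append(f"{label}: credentials embedded in URL")
    return problems

# Constructed sample input: placeholder DER bytes and an example.com host,
# not a real certificate or a real OneLogin endpoint.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"\x30\x03\x02\x01\x01").decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_idp_certificate(SAMPLE_PEM))
    print(check_endpoint("Remote Login URL", "https://idp.example.com/sso"))
```

The check covers the PEM envelope and encoding only and does not parse the certificate fields. Compare the returned SHA-256 fingerprint with the fingerprint of the certificate as issued by OneLogin before you click Save.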