OneLogin Configuration

FSProtect can be integrated with the OneLogin system to simplify authentication. The following configurations must be completed for integration:

SAML Connection Configuration

The OneLogin administrator dashboard must be accessed. Under Applications → Applications, the Add App option must be selected.

In the Find applications box, SAML Custom Connector (Advanced) must be searched and selected. A display name must be provided, and the configuration saved.

After saving, the Configuration tab of the new app must be opened. A SAML connection must be configured in OneLogin with the following parameters:

• ACS URL: Copied from FSProtect after SSO settings are saved. The value must exactly match FSProtect’s ACS URL.

• ACS (Consumer) URL Validator: The same value as the ACS URL.

In the top-right More Actions dropdown, SAML Metadata must be selected to download the XML file. The file must be saved and uploaded to FSProtect, where it will be parsed to pull in OneLogin’s endpoints and certificates.

Role and Username Mapping Settings:

In OneLogin’s Parameters tab, the following assertion attributes must be added so FSProtect can read them:

Username Attribute Key

• Name: username

• SAML Field Name: Exactly the value entered in FSProtect’s Username Attribute Key field (e.g., username)

• Include in SAML Assertion: Checked

Role Attribute Key

• Name: role

• SAML Field Name: Exactly the value entered in FSProtect’s Role Attribute Key field (e.g., role)

• Include in SAML Assertion: Checked

Once the OneLogin app configuration has been saved:

1. The IdP Metadata XML must be downloaded from the OneLogin SSO → View Details panel.

2. In FSProtect’s New Provider screen, the XML must be uploaded via the XML Upload Field.

3. The configuration must be saved in FSProtect.

4. OneLogin users or groups must then be assigned to the app.

After these steps, FSProtect SSO Login will function with correct username and role mappings.