OneLogin Integration (SAML)
Overview of OneLogin Integration (SAML) with TrustWorks
OneLogin Integration (SAML) with TrustWorks is a secure and convenient way to allow your users to access TrustWorks using their OneLogin credentials. SAML is a standard for exchanging authentication and authorisation data between different security domains. This means that when a user logs in to TrustWorks using their OneLogin credentials, their identity is verified by OneLogin and they are automatically granted access to TrustWorks.
There are several benefits to using OneLogin Integration (SAML) with TrustWorks, including:
- Increased security: By using SAML, you can help to protect your users' accounts from unauthorised access.
- Simplified user management: You can manage your users' access to TrustWorks from within OneLogin.
- Seamless user experience: Users can access TrustWorks with a single click, without having to remember separate passwords.
The OneLogin Integration (SAML) with TrustWorks is a simple and effective way to improve the security and usability of your TrustWorks deployment.
Prerequisites
To set up the OneLogin Integration (SAML) with TrustWorks, you will need the following:
- A OneLogin account with administrator access.
- The following information from your OneLogin account:
  - SAML 2.0 Endpoint (HTTP)
  - x.509 Certificate
  - Issuer URL
Setting Up TrustWorks in OneLogin
Adding TrustWorks to your OneLogin instance
Before proceeding with the OneLogin Integration (SAML) in TrustWorks, you'll need to set up the QueryLayer application in your OneLogin account. Follow these steps to add TrustWorks to your OneLogin instance:
- Log in to your OneLogin admin console.
- Go to the "Applications" > "Applications" tab.
- Click the "Add App" button.
- Search for "QueryLayer" in the search bar.
- Select the "QueryLayer" application from the search results (choose the "SAML 2.0" option).
- Click the "Save" button.
Gathering the necessary information from OneLogin
- Go to Applications > QueryLayer and navigate to the SSO tab.
- From the SSO page you'll need to copy/save the following:
  - a) x.509 Certificate
  - b) Issuer URL
  - c) SAML 2.0 Endpoint
Once you have gathered the necessary information, you can proceed with the OneLogin Integration (SAML) in QueryLayer.
For more information on managing apps, configuring apps, and assigning apps to users in OneLogin, you can refer to the official OneLogin guide available at OneLogin Introduction to App Management.
Creating a SAML Custom Connector (Advanced)
If for some reason you are unable to add QueryLayer from the OneLogin app list, you can add QueryLayer using a SAML Custom Connector (Advanced) with the following configuration:
Info Tab Configuration:
- Display Name: QueryLayer
- Description: Optimise your privacy program with actionable Data Maps, an automated Record of Processing Activities (RoPA), and powerful workflows for assessments for cross-functional teams.
Note: The icons will be sent on demand
Configuration Tab Settings:
- Audience (EntityID): querylayer.com
- Recipient: https://api.querylayer.com/v1.0/saml/one_login/callback
- ACS (Consumer) URL Validator*: https://api.querylayer.com/v1.0/saml/one_login/callback
- ACS (Consumer) URL*: https://api.querylayer.com/v1.0/saml/one_login/callback
Parameters Tab Configuration:
- Email as NameID value
- First Name as first_name
- Last Name as last_name
- User Roles as groups
Ensure that the "Include in SAML assertion" flag is set to true for all parameters.
Once you've completed these steps, save your connector. If you encounter any issues during this process, please contact TrustWorks support for assistance.
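To confirm that a test login carries what the connector settings above require, the following added example (not TrustWorks or OneLogin code) checks a decoded SAML response for the Audience, Recipient, NameID and parameter names listed in this section. The sample response is constructed and deliberately omits `groups`, as happens when "Include in SAML assertion" is left unset for that parameter; the function name and messages are assumptions, and the check does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values taken from the Configuration and Parameters tabs described on this page.
EXPECTED_AUDIENCE = "querylayer.com"
EXPECTED_RECIPIENT = "https://api.querylayer.com/v1.0/saml/one_login/callback"
REQUIRED_ATTRIBUTES = ("first_name", "last_name", "groups")

# Constructed, unsigned sample response (not captured from a real tenant).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData
        Recipient="https://api.querylayer.com/v1.0/saml/one_login/callback"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>querylayer.com</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="first_name"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="last_name"><saml:AttributeValue>Ng</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_assertion(xml_text):
    """Return a list of mismatches between a SAML response and the connector settings."""
    root = ET.fromstring(xml_text)  # structure check only; the signature is not verified
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if EXPECTED_AUDIENCE not in audiences:
        problems.append(f"Audience {audiences!r} does not include {EXPECTED_AUDIENCE!r}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if EXPECTED_RECIPIENT not in recipients:
        problems.append(f"Recipient {recipients!r} does not include {EXPECTED_RECIPIENT!r}")
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    if "@" not in name_id:
        problems.append(f"NameID {name_id!r} is not an email address")
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRIBUTES:
        if name not in present:
            problems.append(f"attribute {name!r} not in assertion")
    return problems
```

Calling `check_assertion(SAMPLE_RESPONSE)` reports only the missing `groups` attribute; an empty list means the response matches the connector settings.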
Integration Setup Instructions
Configuring the integration in TrustWorks
- Navigate to Settings > Global Settings > Integrations in TrustWorks
- Click the + New Integration button
- Select OneLogin from the list of integration types.
- Enter a name for the integration.
- Choose the authentication method as SAML.
- Select Default Roles: Specify the default roles to be assigned to new users (Member and/or Admin) created through this integration. If left empty, a new user will be created with both roles in TrustWorks.
- Toggle Exclusive Access Provider On/Off: Enable this option to restrict access to the system using email/password and allow access solely through OneLogin.
- Fill in Identity Provider (IdP) Information
To successfully configure the OneLogin Integration (SAML) with TrustWorks, you'll need to gather the necessary information from your OneLogin account. Below are the details required for the integration and a guide on where to find them:
- SAML 2.0 Endpoint (HTTP): This URL is where OneLogin sends SAML responses to TrustWorks for user authentication. To locate it, follow these steps in OneLogin:
  a. Go to your OneLogin admin console.
  b. Navigate to "Applications" > "Applications" tab.
  c. Click on the "QueryLayer" application (or the name you assigned) to access its settings.
  d. In the "SSO" tab, you should find the SAML 2.0 Endpoint URL. Copy it to TrustWorks.
- Issuer URL: This is the issuer URL for your OneLogin instance. It can also be found in the SSO tab. Copy the issuer URL to TrustWorks.
- x.509 Certificate: The x.509 certificate is used for secure communication between OneLogin and TrustWorks. It can be found in the SSO tab as well. Click on "View Details" to find and copy the certificate.
- Service Provider (SP) section is pre-populated with:
  - Audience (EntityID): This is the audience (entity ID) for your TrustWorks instance.
  - Recipient (Consumer): This is the recipient (consumer) for your TrustWorks instance.
After providing the required IdP details, click the Test Connection button to verify the integration's functionality.
Testing the Integration
Log out of your TrustWorks account, and then try to log back in using the OneLogin SSO link to test the integration. If you encounter any issues during configuration, please contact TrustWorks support for assistance at support@trustworks.io.
Conclusion
OneLogin Integration (SAML) with TrustWorks brings the power of single sign-on and centralised identity management to your organisation. By leveraging SAML-based SSO, you can enhance security, simplify user management, and provide a seamless application access experience for your users.