Configuring an application on OneLogin
To configure a OneLogin application:
- In the SAML Custom Connector (Advanced) window that opens after step 7 in Creating an OneLogin application, go to the Configuration tab.
Alternatively, go to Applications > Applications, from the applications list select your application, and then go to the Configuration tab.
- In Audience (Entity ID), enter the Entity ID from the remote SAML server configuration on FortiAuthenticator.
- In ACS (Consumer) URL Validator, enter the modified ACS (login) URL from the remote SAML server configuration on FortiAuthenticator.
The ACS (Consumer) URL Validator must start with a “^”, end with a “$”, and have a “\” preceding every “/”, “?” and “.”.
See the screenshot below.
- In ACS (Consumer) URL, enter the ACS (login) URL from the remote SAML server configuration on FortiAuthenticator.
- In Single Logout URL, enter the SLS (logout) URL from the remote SAML server configuration on FortiAuthenticator.
- In Login URL, enter the Portal URL from the remote SAML server configuration on FortiAuthenticator.
- SAML not valid before and SAML not valid on or after may be changed as required.
- Ensure that SAML initiator is set as OneLogin.
- Ensure that SAML nameID format is set as Email.
- Ensure that SAML issuer type is set as Specific.
- In the SAML signature element dropdown, select Both.
- Click Save.
The parameters set while configuring an application on OneLogin must match the remote SAML server configuration on FortiAuthenticator.
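The ACS (Consumer) URL Validator rule from the steps above (leading "^", trailing "$", a "\" before every "/", "?" and "."), worked through as an added Python example that is not part of the original guide. It uses Python's `re` module to illustrate the matching, the URL is a constructed placeholder rather than a real FortiAuthenticator path, and the function names are hypothetical.

```python
import re

ESCAPED = "/?."  # characters the guide says need a preceding backslash
# Constructed placeholder; copy the real ACS (login) URL from FortiAuthenticator.
SAMPLE_ACS_URL = "https://fac.example.com/saml/login/?acs"

def build_validator(acs_url: str) -> str:
    """Turn an ACS (login) URL into the anchored, escaped validator form."""
    body = "".join("\\" + ch if ch in ESCAPED else ch for ch in acs_url)
    return "^" + body + "$"

def _is_escaped(s: str, i: int) -> bool:
    """True when s[i] is preceded by an odd number of backslashes."""
    n = 0
    while i - n - 1 >= 0 and s[i - n - 1] == "\\":
        n += 1
    return n % 2 == 1

def check_validator(validator: str) -> list[str]:
    """List every way a validator string breaks the rule in the guide."""
    problems = []
    if not validator.startswith("^"):
        problems.append("missing leading ^")
    if not validator.endswith("$") or _is_escaped(validator, len(validator) - 1):
        problems.append("missing trailing $")
    for i, ch in enumerate(validator):
        if ch in ESCAPED and not _is_escaped(validator, i):
            problems.append(f"unescaped {ch!r} at offset {i}")
    return problems

def accepts(validator: str, url: str) -> bool:
    """Assumption: the validator is applied as an ordinary regex search."""
    return re.search(validator, url) is not None

if __name__ == "__main__":
    good = build_validator(SAMPLE_ACS_URL)
    print(good, check_validator(good))
    # Pasting the raw URL as the validator: "." matches any character and
    # "/?" means "optional slash", so the real URL no longer matches while
    # a different host does.
    raw = SAMPLE_ACS_URL
    print(check_validator(raw))
    print(accepts(raw, SAMPLE_ACS_URL))                           # False
    print(accepts(raw, "https://facXexample.com/saml/login/acs"))  # True
    print(accepts(good, SAMPLE_ACS_URL))                          # True
```

Running `check_validator` on the value before pasting it into OneLogin catches the common mistake of entering the unmodified ACS URL in the validator field.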