VMware Identity Manager as trusted Identity Provider for OneLogin

Use Case:

Configure OneLogin as a federation Service Provider (SP) with VMware Identity Manager acting as the Identity Provider (IdP).

Prerequisites:

  • Access to the VMware Identity Manager administrative interface.
  • Access to the OneLogin administrative interface.
  • OneLogin Enterprise Edition. Lower OneLogin editions do not include the trusted IdP feature.
  • At least one test user account in both VMware Identity Manager and OneLogin. The user's email address should match in both systems.

Steps:

  1. Identify VMware Identity Manager SAML metadata and SAML signing cert.
  2. Configure OneLogin as Service Provider using information from step 1.
  3. Configure VMware Identity Manager as Identity Provider.
  4. Test federation connection for IDP and SP initiated authentication flows.

Step 1: Identify VMware Identity Manager SAML metadata and SAML signing cert

  • Log into VMware Identity Manager (vIDM) as an admin
  • Go to Catalog > Settings SAML Metadata > Identity Provider (IdP) metadata
  • Keep the vIDM IdP metadata open in a web browser window; Step 2 copies values from it

[Screenshot: Screen Shot 2016-12-14 at 1.13.33 PM.png]

Step 2: Configure OneLogin as Service Provider

  • Log into OneLogin as an admin
  • Go to Settings > Trusted IdPs.
  • Click "New Trust" button
  • On the Trusted IdP Settings page, copy the following information from the VMware Identity Manager IdP SAML metadata into the OneLogin configuration wizard:
    • Enter a name for the trusted IdP configuration (e.g. VMware Identity Manager)
    • entityID (from vIDM) ==> Issuer
    • bindings:HTTP-POST Location (from vIDM) ==> IdP Login URL
    • vIDM signing cert (from vIDM) ==> Trusted IdP Certificate
    • User Attribute Mapping: keep this as Email.
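As an added example that is not part of the original post, the following Python script pulls the three values above (Issuer, IdP Login URL, signing certificate) out of the vIDM IdP metadata XML opened in Step 1, so they can be pasted into the Trusted IdP wizard without hand-copying from the browser. The metadata it parses is a constructed sample: the hostname, entityID, endpoint paths and certificate bodies are placeholders, not values from a real vIDM tenant.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample standing in for the vIDM IdP metadata from Step 1 (placeholder values).
SAMPLE_IDP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://vidm.example.com/saml/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIENC...PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIISIG...PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://vidm.example.com/saml/sso/redirect"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://vidm.example.com/saml/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""

def trusted_idp_values(metadata_xml: str) -> dict:
    """Map IdP metadata onto OneLogin's Issuer / IdP Login URL / Trusted IdP Certificate fields."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata or not SAML metadata at all")
    # OneLogin's IdP Login URL must be the HTTP-POST endpoint, not the HTTP-Redirect one.
    post = [s for s in idp.findall("md:SingleSignOnService", NS) if s.get("Binding") == HTTP_POST]
    if not post:
        raise ValueError("no HTTP-POST SingleSignOnService in metadata")
    # Only a signing key (use="signing", or no use attribute) verifies assertions;
    # pasting an encryption-only certificate would make every login fail its signature check.
    certs = [k.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
             for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    certs = [c.strip() for c in certs if c]
    if not certs:
        raise ValueError("no signing certificate in metadata")
    return {"Issuer": root.get("entityID"),
            "IdP Login URL": post[0].get("Location"),
            "Trusted IdP Certificate": certs[0]}

if __name__ == "__main__":
    for field, value in trusted_idp_values(SAMPLE_IDP_METADATA).items():
        print(f"{field}: {value[:60]}")
```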

[Screenshot: Screen Shot 2016-12-14 at 1.19.35 PM.png]

Here's how the OneLogin configuration wizard looks:

[Screenshot: Screen Shot 2016-12-14 at 1.30.46 PM.png]

  • Go to "Settings" for this newly created Trusted IdP
  • Under MORE SETTING, select "Set as default Trusted IdP"

[Screenshot: Screen Shot 2016-12-14 at 1.35.05 PM.png]

Step 3: Configure VMware Identity Manager as Identity Provider

You will need the OneLogin SP Assertion Consumer Service (ACS) URL, which has the following format:

https://your_subdomain.onelogin.com/sessions/saml

For example, if your subdomain is acme-corp, your ACS URL will be https://acme-corp.onelogin.com/sessions/saml

  • In VMware Identity Manager admin console, go to:

         Catalog > Application Catalog > Add Application > ...Create a new one

  • In the app wizard, enter an App Name (e.g. OneLogin)
  • Click Next

[Screenshot: Screen Shot 2016-12-14 at 1.44.59 PM.png]

[Screenshot: Screen Shot 2016-12-14 at 3.31.41 PM.png]


  • Entitle this App (assign app to users)
    • Click Add group entitlement
    • Click "or browse"
    • Select "ALL USERS" and click Save.

[Screenshot: Screen Shot 2016-12-14 at 1.49.23 PM.png]


  • Don't forget to click "Done"

[Screenshot: Screen Shot 2016-12-14 at 1.50.50 PM.png]


  • Under Access Policies, select "default_access_policy_set"

Step 4: Test federation connection

  • SP initiated authentication flow

This can be tested by going directly to your OneLogin tenant URL, e.g. https://your_subdomain.onelogin.com. OneLogin redirects the login to VMware Identity Manager, the default trusted IdP configured in Step 2.

The following video demonstrates this login flow:
https://youtu.be/_gYULQg218M

  • IDP initiated authentication flow

This can be tested by going directly to your VMware Identity Manager tenant URL. After successfully logging into the VMware Identity Manager portal, click the OneLogin app icon.

The following video demonstrates this login flow:

https://youtu.be/dq7MGmYPE0U
