OneLogin SSO | Communifire Documentation

Axero supports onelogin integration for single-sign-on (SSO). This page covers information about onelogin SSO, walks you through how to configure onelogin SSO on your intranet, and provides solutions to common issues. To read about the benefits of onelogin SSO, click here.

Login Experience

Once onelogin SSO is set up on your Axero intranet, users will be re-directed to the onelogin log in page.

Logging in with Axero credentials

You can allow users to log in using their Axero credentials. To allow this, set your System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Axero login page. Users can either log in with Axero credentials or click Login via SAML to sign in using their onelogin credentials.

Mobile App Login Experience

In the mobile app, users will be re-directed to the onelogin log in page after entering the intranet site URL.

Logging in with Axero credentials

As with the web version, you can allow users to log in using Axero credentials in the mobile app. To allow this, set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Axero login page. Users can either log in with Axero credentials or click SSO Login to sign in using onelogin credentials.

Adding Users

A user is created in Axero when the user logs into your Axero intranet for the first time. You can add users to Axero before they log in using the three methods below:

1. Bulk import users

Pre-populate users before onelogin setup or launch with Bulk Import Users . The Axero usernames you create must match the usernames in onelogin.

2. Manually Add users

Add users in Control Panel > People > Manage People > Add User . The Axero username you create must match the username in onelogin.

3. REST API Import

You can use our REST API to import users - REST API: Add User , REST API: Update User Profile Fields .

Adding Axero administrator accounts

If Axero administrator accounts are created before onelogin is set up and the Axero usernames match onelogin usernames, the administrator accounts will sync with the corresponding onelogin accounts. If not, you will need to re-configure permissions for the admin onelogin accounts and remove the previous Axero administrator accounts.

Importing Data

Any data can be imported from onelogin, as long as there are corresponding User Profile Fields in Axero. Attribute mappings must be added to Control Panel > System > Single Sign On > Data Mapping > SAML. Enter the attribute name as the property name in Axero. See the table below for common fields to import.

* The country code in onelogin must match country options in Axero exactly.

You can also use our REST API to import user data into Axero.

Syncing Data

User data is updated in Axero every time a user logs in.

Email and username change

When a user's email is changed in onelogin, the user's Axero email will be updated the next time they login. The Axero username won't be changed and must be updated manually by a site administrator.

Disabled Users

When a user's assignment is removed in onelogin, the user will be blocked from logging into Axero using onelogin.

The user's account will still be active in Axero. You can Delete User and delete their content or re-assign their content to another user or to the system anonymous user. You can also Ban User , which will retain their content.

Setup Guide

This guide walks you through how to enable onelogin SSO in Axero. Client-side setup is estimated to take 1-2 hours and Axero team setup is estimated to take 1-2 hours. The time to set up SSO can vary based on how long it takes to set up internal systems and to provide the Axero team with all required information. Our standard estimate for setting up SSO is 1-2 business days from the time a case is opened.

Once you complete the setup guide, onelogin SSO will be active on your intranet.

Configure onelogin SSO

1. Login to the admin console in onelogin, and navigate to Administration section
   
   
2. Click Applications - Applications
   
   
3. Click Add App
   
   
4. Search Axero, and select the Axero App.
   
   
   
5. Click Save
   
   
6. Click Configuration and type the intranet site name. Click Save. Eg. https://yourintranet.communifire.com
   
   
7. Click SSO and copy Issuer URL, SAML 2.0 Endpoint HTTP, SLO Endpoint HTTP and save for later.
   
   
8. Download x.509 certificate. Click View Details
   
   
   
   and on the following screen, click Download
   
   
9. Assign users or groups to the app. Click Users - Users
   
   
10. Select user
    
    
11. Click Applications - Click the + icon 
    
    
12. Click Continue
    
    
13. Click Save
    
    
    
14. User is now added the the App
    
    

Provisioning

To configure provisioning, see OneLogin SCIM Configuration Guide 

Configure Axero

1. In Axero, go to Control Panel > System > Single Sign On.
2. Select SAML.
3. Enter the following information:
   
   • Partner Identity Provider URL: Enter the Issuer URL you copied.
   • Single Sign On Service URL: Enter the SAML 2.0 Endpoint HTTP you copied.
   • Relying Party Trust Identifier: Enter your intranet URL.
   • Single Logout Service URL: Enter the SLO Endpoint HTTP you copied.
   • Partner Identity Certificate (CER): Upload the X.509 Certificate file. (Convert the onelogin.pem to a .CER file).
     
     Example:
     
     
4. Click Update.
5. Click Data Mapping.
6. For Type, select SAML.
7. Add attribute mappings. The Property Name should match the attribute name you entered in Attribute Statements in onelogin.
   Example:
   
   
8. Click Update.
9. Submit a private case to have our team provide you with a valid Service Provider Certificate (PFX) and Certificate Password.

For more information or assistance from the Axero team, submit a private case.