Axero supports OneLogin integration for single sign-on (SSO). This page covers information about OneLogin SSO, walks you through how to configure OneLogin SSO on your intranet, and provides solutions to common issues. To read about the benefits of OneLogin SSO, click here.
Once OneLogin SSO is set up on your Axero intranet, users will be redirected to the OneLogin login page.
You can allow users to log in using their Axero credentials. To allow this, set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Axero login page. Users can either log in with Axero credentials or click Login via SAML to sign in using their OneLogin credentials.
In the mobile app, users will be redirected to the OneLogin login page after entering the intranet site URL.
As with the web version, you can allow users to log in using Axero credentials in the mobile app. To allow this, set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Axero login page. Users can either log in with Axero credentials or click SSO Login to sign in using OneLogin credentials.
A user is created in Axero when the user logs into your Axero intranet for the first time. You can add users to Axero before they log in using the three methods below:
1. Bulk import users
Pre-populate users before OneLogin setup or launch with Bulk Import Users. The Axero usernames you create must match the usernames in OneLogin.
2. Manually add users
Add users in Control Panel > People > Manage People > Add User. The Axero username you create must match the username in OneLogin.
3. REST API Import
You can use our REST API to import users: REST API: Add User, REST API: Update User Profile Fields.
Adding Axero administrator accounts
If Axero administrator accounts are created before OneLogin is set up and the Axero usernames match OneLogin usernames, the administrator accounts will sync with the corresponding OneLogin accounts. If not, you will need to re-configure permissions for the admin OneLogin accounts and remove the previous Axero administrator accounts.
Any data can be imported from OneLogin, as long as there are corresponding User Profile Fields in Axero. Attribute mappings must be added to Control Panel > System > Single Sign On > Data Mapping > SAML. Enter the attribute name as the property name in Axero. See the table below for common fields to import.
* The country code in OneLogin must match country options in Axero exactly.
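A pre-launch check for the username-matching requirement above, as an added example that is not Axero's or OneLogin's code: it compares the usernames planned for Axero with those in OneLogin and flags near-misses and administrator accounts that would not sync. The function name, usernames and admin flags are constructed for illustration, and treating only exact string equality as a match is an assumption, since this page does not say whether matching is case-sensitive.

```python
def reconcile(axero_users, onelogin_usernames):
    """axero_users: dict of username -> is_admin; onelogin_usernames: iterable of str."""
    onelogin = set(onelogin_usernames)
    # Index OneLogin names by a normalized key so near-misses can be spotted.
    by_key = {}
    for name in onelogin:
        by_key.setdefault(name.strip().casefold(), []).append(name)

    report = {"matched": [], "near_miss": [], "axero_only": [],
              "onelogin_only": [], "admins_at_risk": []}
    claimed = set()
    for name, is_admin in sorted(axero_users.items()):
        if name in onelogin:
            report["matched"].append(name)
            claimed.add(name)
            continue
        # Not an exact match: look for a name differing only by case or padding.
        candidates = sorted(by_key.get(name.strip().casefold(), []))
        if candidates:
            report["near_miss"].append((name, candidates))
            claimed.update(candidates)
        else:
            report["axero_only"].append(name)
        if is_admin:
            # Admin rights sit on an Axero account that will not sync.
            report["admins_at_risk"].append(name)
    # OneLogin users with no Axero counterpart get a new account on first login.
    report["onelogin_only"] = sorted(onelogin - claimed)
    return report


# Constructed sample data (not real accounts).
AXERO = {"jsmith": True, "MLee": True, "apatel ": False,
         "oldadmin": True, "kwong": False}
ONELOGIN = ["jsmith", "mlee", "apatel", "kwong", "rgarcia"]

if __name__ == "__main__":
    for section, items in reconcile(AXERO, ONELOGIN).items():
        print(section, items)
```

Resolve every `near_miss` and `admins_at_risk` entry before launch so that administrator permissions end up on the accounts users actually sign in with.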
You can also use our REST API to import user data into Axero.
User data is updated in Axero every time a user logs in.
Email and username change
When a user's email is changed in OneLogin, the user's Axero email will be updated the next time they log in. The Axero username won't be changed and must be updated manually by a site administrator.
When a user's assignment is removed in OneLogin, the user will be blocked from logging into Axero using OneLogin.
The user's account will still be active in Axero. You can Delete User and delete their content or re-assign their content to another user or to the system anonymous user. You can also Ban User, which will retain their content.
This guide walks you through how to enable OneLogin SSO in Axero. Client-side setup is estimated to take 1-2 hours and Axero team setup is estimated to take 1-2 hours. The time to set up SSO can vary based on how long it takes to set up internal systems and to provide the Axero team with all required information. Our standard estimate for setting up SSO is 1-2 business days from the time a case is opened.
Once you complete the setup guide, OneLogin SSO will be active on your intranet.
Search and select SCIM Provisioner with SAML (SCIM v2 Enterprise).
Edit the Display Name if you want or leave it as default and click Save.
Click Configuration and scroll down.
Enter Application details:
SAML Audience URL: https://<domain_name>. Example: https://yourintranet.communifire.com
SAML Consumer URL: https://<domain_name>/SAML/AssertionConsumerService.aspx. This should be the same domain you used for SAML Audience URL.
Under API Connection, for SCIM Base URL type https://<domain_name>/api/scim/v2. Example: https://yourintranet.communifire.com/api/scim/v2
After adding the SCIM Base URL, click the Enable button.
Click SSO and copy Issuer URL, SAML 2.0 Endpoint (HTTP), and SLO Endpoint (HTTP); save for later.
Click View Details to download the X.509 Certificate file.
Convert the .PEM file into a .CER file.
Suggestion: Use OpenSSL to convert the .pem file to a .CER file (refer to: https://medium.com/swlh/installing-openssl-on-windows-10-and-updating-path-80992e26f6a1).
After installing OpenSSL, go to the folder that contains the .PEM file, open a command line, and run:
openssl x509 -inform PEM -in onelogin.pem -outform DER -out yourfile.cer
onelogin.pem – the X.509 Certificate file you downloaded.
yourfile.cer – the converted file.
Enter the following information:
Partner Identity Provider URL: Enter the Issuer URL you copied.
Single Sign On Service URL: Enter the SAML 2.0 Endpoint HTTP you copied.
Relying Party Trust Identifier: Enter your intranet URL.
Single Logout Service URL: Enter the SLO Endpoint HTTP you copied.
Partner Identity Certificate (CER): Upload the X.509 Certificate file (the .CER file converted from onelogin.pem).
Expand the SCIM User Provisioning section.
Copy the Bearer token:
Go back to OneLogin and scroll to the bottom of Configuration page and find SCIM Bearer Token. Paste the Bearer Token you just copied from Axero.
Click Provisioning, and under Workflow check Enable Provisioning and click Save.
Add Parameters as shown
Email should be added to the parameters.
To configure provisioning, see OneLogin SCIM Configuration Guide
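A check for the certificate conversion step in this guide, as an added example that is not part of Axero's or OneLogin's documentation: it confirms that the .cer file is the DER encoding of the certificate in the downloaded .pem (not a renamed PEM file or a different certificate) and returns its SHA-256 fingerprint so it can be compared with the fingerprint your identity provider reports for that certificate. The function names are hypothetical, and the sample bytes are constructed placeholders, not a real certificate.

```python
import hashlib
import ssl
import sys


def fingerprint(der):
    """SHA-256 fingerprint as colon-separated uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_converted(pem_text, cer_bytes):
    """Return (ok, detail); detail is the fingerprint on success."""
    pem_text = pem_text.replace("\r\n", "\n").strip()
    if pem_text.count("-----BEGIN CERTIFICATE-----") != 1:
        return False, "PEM must contain exactly one CERTIFICATE block"
    try:
        # Strips the PEM armor and base64-decodes the body.
        expected = ssl.PEM_cert_to_DER_cert(pem_text)
    except ValueError as exc:
        return False, f"not a valid PEM certificate: {exc}"
    if cer_bytes.lstrip().startswith(b"-----BEGIN"):
        return False, "file is still PEM text (renamed, not converted)"
    if cer_bytes[:1] != b"\x30":
        return False, "file does not start with a DER SEQUENCE tag (0x30)"
    if cer_bytes != expected:
        return False, "DER bytes differ from the certificate in the PEM"
    return True, fingerprint(cer_bytes)


# Constructed placeholder bytes shaped like a DER SEQUENCE; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    # File names default to the ones used in the conversion step.
    pem_path = sys.argv[1] if len(sys.argv) > 1 else "onelogin.pem"
    cer_path = sys.argv[2] if len(sys.argv) > 2 else "yourfile.cer"
    with open(pem_path, encoding="ascii") as f:
        pem = f.read()
    with open(cer_path, "rb") as f:
        cer = f.read()
    ok, detail = check_converted(pem, cer)
    print("OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

Run it in the folder that holds both files before uploading the .cer file as the Partner Identity Certificate.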
For more information or assistance from the Axero team, submit a private case.