1. Go to https://secoda.company.com/auth/admin/master/console/#/realms/secoda and sign in with the username admin and the Keycloak password you added to the onprem.tfvars file. Make sure you are on the Secoda realm (not Master) by clicking the top left. Then click Identity Providers in the left-hand navigation menu of Keycloak.

  1. Click "Add provider..." and select SAML v2.0.

  1. Name the alias onelogin and leave this tab open.

  1. Open a new window and go to your OneLogin administrator console:

    https://yourcompany.onelogin.com/apps

  2. Then click Add App.

    1. Choose SAML Custom Connector (Advanced).

    2. Name the app Secoda and go to the Configuration tab.

  3. Copy the generated Redirect URI from Keycloak. It should look something like this:

<https://yourcompany.secoda.co/auth/realms/secoda/broker/onelogin/endpoint>

  1. Configure the SAML settings by copying Keycloak's Redirect URI from the SAML v2.0 provider page of Keycloak into the Audience (EntityID), Recipient and ACS (Consumer) URL settings. Create the ACS (Consumer) URL Validator setting by adding a backslash in front of each slash in the Redirect URI.

  2. Make sure you click Save in the top right corner (blue button).

  3. Open the SSO tab. Click Copy to Clipboard next to the Issuer URL setting.

  4. Open the Identity Providers configuration in Keycloak (the tab you left open) and paste the metadata link value into the Import from URL area.

  1. Click Import and then click Save.
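
The ACS (Consumer) URL Validator step above, worked through as an added example (not part of the original guide and not Secoda's or OneLogin's code): it builds the validator by the page's rule and compares it with a stricter pattern. It assumes the validator is evaluated as a regular expression; Python's `re` stands in for OneLogin's engine, and the stricter pattern and the sample URLs are constructed here.

```python
import re

# Constructed sample in the Redirect URI format shown on this page.
REDIRECT_URI = "https://yourcompany.secoda.co/auth/realms/secoda/broker/onelogin/endpoint"

def page_validator(uri: str) -> str:
    """The page's rule: a backslash in front of every slash, nothing else."""
    return uri.replace("/", "\\/")

def strict_validator(uri: str) -> str:
    """Assumed hardening (not from the page): also escape the other regex
    metacharacters, such as '.', and anchor the pattern at both ends."""
    body = "\\/".join(re.escape(part) for part in uri.split("/"))
    return "^" + body + "$"

def accepts(validator: str, acs_url: str) -> bool:
    """Unanchored search: the most lenient way a regex validator could be
    applied (assumption; Python's re stands in for the IdP's engine)."""
    return re.search(validator, acs_url) is not None

# Constructed ACS URLs: the real one, one that only matches if '.' acts as a
# wildcard, and one that carries the real URI inside a longer URL.
CANDIDATES = [
    REDIRECT_URI,
    REDIRECT_URI.replace("yourcompany.secoda", "yourcompanyXsecoda"),
    "https://other.example/?next=" + REDIRECT_URI,
]

def compare() -> list:
    """Return (url, accepted_by_page_rule, accepted_by_strict) per candidate."""
    loose, strict = page_validator(REDIRECT_URI), strict_validator(REDIRECT_URI)
    return [(u, accepts(loose, u), accepts(strict, u)) for u in CANDIDATES]

if __name__ == "__main__":
    print("page rule:", page_validator(REDIRECT_URI))
    print("strict   :", strict_validator(REDIRECT_URI))
    for url, by_page, by_strict in compare():
        print(f"{by_page!s:5} {by_strict!s:5} {url}")
```

If the stricter form is used, paste the `strict` line into the ACS (Consumer) URL Validator field and confirm that a test login through Keycloak still completes.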