Configuring SAML Authentication with OneLogin

1. Access https://www.onelogin.com/ and create Trial/paid account.

2. Log in to your OneLogin account and create a domain when prompted. For example: sonicwall.onelogin.com.

   

3. To add SMA application to your OneLogin account:
   1. Select Apps > Add Apps.

   2. Search SAML and add it by clicking SAML Test Connector (Advanced).

      

   3. Enter appropriate name into the Display Name field (such as SAML Test Connector (IdP)) and then click Save.
   4. Click SSO tab.
   5. Click View Details below X.509 Certificate in Enable SAML 2.0 section.

   6. Download the certificate to upload as ‘Certificate Authority’ cert in SMA appliance.

      

   7. Click Configuration.

   8. Set Audience, Recipient, ACS URL Validator, ACS URL, Single Logout URL as per the following:

      • Relay state: SMA100 does not support
      • Audience: This is same as Appliance ID in SAML Domain configure page
      • Recipient: It is SMA100 receive SAML message path, the format is: https://{appliance ‘s IP address or Hostname}/ api /v1/logon/saml2ssoconsumer
      • ACS URL Validator: same as Recipient: https://{appliance ‘s IP address or Hostname}/ api /v1/logon/saml2ssoconsumer
      • ACS URL: https://{appliance ‘s IP address or Hostname}/ api /v1/logon/saml2ssoconsumer

      • Single Logout URL: https://{appliance‘s IP address or Hostname}/ api /v1/logon/saml2ssoco

        

   9. To add parameter and group user:

      1. Click Add parameter.

         

      2. Enter a name for Field name, select Include in SAML assertion, and click SAVE.

         

      3. The dialog binds the field name to user’s attribute.

         

         You can select an attribute relevant to this field and select Include in SAML assertion, then this attribute is present in the AUTH Response messages.

         For example, in step 1 we have customized some parameters, for example:

         parameter name: GGNAME, the value of GGNAME is the value of user’s attribute Department

         parameter name: UUNAME, the value of UUNAME is value of user’s attribute First Name

      4. Now you can see the parameter that you have set.

         

   10. To sync appliance date/time with NTP server:
       1. Navigate to Users

       2. Add more users for the SAML domain.

          

          

       3. Click Change Password for changing password of the newly created user.
4. Configure SAML Domain on your SMA appliance:

   1. Navigate to System > Certificates and import SAML certificates.

   2. Configure SAML domain with OneLogin data.

      

      You can now proceed with authentication from Virtual Office portal and NetExtender. When you select OneLogin domain in the login page, you are redirected to the OneLogin login page, and after providing correct credentials, the authentication is successful.