SAML

Note: This login method is only available in the licensed Business + Enterprise editions.

This guide walks you through setting up SAML with OneLogin, but it generalizes to most SAML identity providers. Outline customers have successfully used Okta, Active Directory, and many others.

Create Application

  1. In your OneLogin admin, navigate to “Applications” and click “Add App”

  2. Search for and select “SAML Test Connector (Advanced)”

  3. In the Configuration, change the “Display Name” and upload an icon

  4. Ensure loginURL is set to https://yourdomain.com/auth/saml

  5. Click “Save” in the top right

Parameters

  1. Navigate to “Parameters” for the new application in the left menu. You’ll need to set up the custom parameters that will be sent to Outline in order to provision new users. Make sure to check the “Include in SAML assertion” box for each.

  2. The following are required:

    1. fName mapped to first name

    2. sName mapped to surname

    3. email mapped to a valid email address

Parameters setup in OneLogin


Configure Outline

Now we need to tell Outline where to find our OneLogin application. Two new environment variables must be set inside docker.env. Once the server is restarted, if everything is set up correctly, you should see a new option to “Continue with OneLogin” on the login screen.

Environment variable

SAML_SSO_ENDPOINT

Copy the value from SAML 2.0 Endpoint (HTTP) under the “SSO” tab in the OneLogin application admin.

SAML_CERT

Copy the value from X.509 Certificate (you’ll need to click “view details” and copy the public key value from the large textbox). In a text editor, delete the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” text and all newlines. The resulting cert should be on a single line.
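
The single-line conversion for SAML_CERT can be scripted instead of done by hand in a text editor. The following is an added example, not part of Outline or OneLogin: the function names, the placeholder endpoint, the https:// check and the constructed sample input are all assumptions of this example. It also refuses input that is not exactly one certificate, such as a pasted private key or a certificate chain.

```python
import base64
import binascii
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def pem_to_saml_cert(pem: str) -> str:
    """Return the certificate body as one line, the form SAML_CERT takes."""
    if "PRIVATE KEY" in pem:
        raise ValueError("input contains a private key, not a certificate")
    blocks = PEM_RE.findall(pem)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drop newlines, CRs, spaces, tabs
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from exc
    # A DER-encoded X.509 certificate is an ASN.1 SEQUENCE (tag 0x30).
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE")
    return body


def docker_env_lines(sso_endpoint: str, pem: str) -> str:
    """Build the two docker.env lines for the variables described above."""
    # Assumption of this example: the IdP endpoint is an https:// URL.
    if not sso_endpoint.startswith("https://"):
        raise ValueError("SAML_SSO_ENDPOINT should be an https:// URL")
    cert = pem_to_saml_cert(pem)
    return f"SAML_SSO_ENDPOINT={sso_endpoint}\nSAML_CERT={cert}\n"


def constructed_pem() -> str:
    """Constructed sample: DER-shaped filler bytes, NOT a real certificate."""
    der = b"\x30\x82\x00\x7c" + bytes(range(124))
    lines = textwrap.wrap(base64.b64encode(der).decode(), 64)
    return ("-----BEGIN CERTIFICATE-----\r\n" + "\r\n".join(lines)
            + "\r\n-----END CERTIFICATE-----\r\n")


if __name__ == "__main__":
    # Placeholder endpoint; use the value from the OneLogin "SSO" tab.
    print(docker_env_lines("https://idp.example.com/PLACEHOLDER",
                           constructed_pem()), end="")
```

The checks only confirm the value is shaped like a certificate; they do not verify that it is the signing certificate of your OneLogin application.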