Skip to main content
All CollectionsSecurity and IntegrationsSSO
Setting up SSO with OneLogin
Setting up SSO with OneLogin

Step-by-step guide on how to set up Sana in your OneLogin IdP.

Bianca Wetter avatar
Written by Bianca Wetter
Updated over a week ago

Here is a step-by-step guide on how to set up Sana as a SAML 2.0 application on OneLogin.

SSO configuration with OneLogin

1. Select the Applications tab, and click the ‘Add App’ button in the top right corner. Search for ‘SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML)’ and select that.

2. Set a descriptive name and an icon for your Sana integration and press Save.

3. Enter the following information to the respective fields in the Configuration screen, replacing sampledomain with the actual domain you got from Sana.

  1. SAML Audience URL: https://example.sana.ai/x-realtime/auth/saml/metadata

  2. Recipient: https://example.sana.ai/x-realtime/auth/saml/acs

  3. ACS (Consumer) URL Validator: https://example.sana.ai/x-realtime/auth/saml/acs

  4. ACS (Consumer) URL: https://example.sana.ai/x-realtime/auth/saml/acs

You will need to put the assertion URL in the Recipient as well in order for it to work with OneLogin.

Make sure to change the SAML signature element to ‘Both’

4. Under Parameters, make sure to include three fields that are mandatory, note the exact casing:

  • email

  • firstName

  • lastName

5. Click the SSO tab. Share the following information with your Sana Integrations Specialist

  • Your X.509 certificate (click View Details to download it)

  • The Issuer URL

  • The SAML 2.0 Endpoint (HTTP)

6. We will set your Sana app with this configuration and then you can test the setup at your domain at https://<example>.sana.ai or by simply testing it directly from your Identity Provider (IdP)

Troubleshooting Common Issues

1. 'subjectConfirmation' method error

This means that the assertion response is not found. Ensure that the Recipient field is set to the ACS URL. Please double-check Step 3.

2. No attribute value for email, firstName, or lastName

This means that the configuration was set up incorrectly. Please double-check and ensure that the format of the attribute statements matches what is specified in Step 4 above.

3. User is not assigned to the client application

This means that your company's IT team has not added you to your company's Okta instance. To resolve this, you'll just need to ask your company's IT team to add you to Okta.

Related Articles
Setting up SSO
Setting up SSO with Okta
Setting up SSO with Microsoft Entra
Setting up SSO with JumpCloud
Setting up SSO with Google Workspace
Did this answer your question?