Single Sign-on with OneLogin
Requirements
SSO URL (Get it here)
SLO URL (Get it here)
Introduction

This guide covers how to set up SSO in COGNIGY.AI with OneLogin as the Identity Provider. After completing this guide, your users can log in to COGNIGY.AI through OneLogin and will automatically get a user in COGNIGY.AI complete with access control.
Creating an Application in OneLogin

The first step is to create a new company app within OneLogin. To do this, open the administration panel of OneLogin and navigate to Apps > Company Apps. On this page, you can click on the ADD APP button to create a new app.

Creating a new App
This will open a page with a lot of different application types you can choose to create:

Finding the correct application type
Search for SAML and choose the SAML Test Connector (IdP) application. After choosing the correct application type, input the name you want for the SAML connector and click on SAVE.

Creating a custom SAML application
Configuring Single Sign-on for the Application in OneLogin

Configuration
We can now create the SAML configuration for the application. Open the Configuration tab and add the SSO URL you have from the previous guide into the ACS Consumer Validator and ACS Consumer URL fields.

Adding the SSO URL to the configuration
Afterwards, you should enter the SLO URL you have from the previous guide in the Single Logout URL field.

Adding SLO to the configuration
Parameters
In order to properly implement SSO with COGNIGY.AI, you need to configure the parameters assigned to the user during SSO. It is required that the following fields are set on the user:
- NameID: Email
- firstName: First Name
- lastName: Last Name
- role: User Roles

Creating the firstName user parameter
Include in SAML Assertion
It is VERY important that the Include in SAML assertion checkbox is checked when creating the parameters.
The role will be used to grant the user the proper access rights in COGNIGY.AI. In a later step, we will add the supported roles to the app.

Correct configuration for user parameters
Configure SSO in COGNIGY.AI

After configuring SSO in OneLogin, we are finally ready to create an SSO configuration for your organisation in COGNIGY.AI. You do this by sending a POST request to the URL https:///security/identityprovider (e.g. https://api-demo.cognigy.ai/security/identityprovider) with the following JSON payload:
{
"idpIssuer": string,
"idpLoginEndpoint": string,
"idpCertificate": string,
"idpLogoutEndpoint": string
}
API Authentication
Read our API reference guide for information about how to send authenticated API requests to COGNIGY.AI.
In order to do this, you need some information from OneLogin, which you will find on the SSO page in your application in OneLogin.

SSO configuration in OneLogin
idpIssuer
The idpIssuer is the Issuer URL in OneLogin.
idpLoginEndpoint
The idpLoginEndpoint is the SAML 2.0 Endpoint (HTTP) in OneLogin.
idpCertificate
This is the certificate that OneLogin uses to sign the SAML requests. Below the X.509 Certificate field in OneLogin there is a View Details button. Click this button and you will be redirected to a page where you can download the certificate.


Downloading the IDP certificate
After downloading the certificate, you need to base64 encode it without newlines. In Linux, you can do this by running the following command:
cat ./path-to-file | base64 -w0
The output of the command above should be used as the idpCertificate.
idpLogoutEndpoint
The idpLogoutEndpoint is the SLO Endpoint in OneLogin.
You can now send the POST request to COGNIGY.AI with the information you collected from OneLogin. An example payload is below:
{
"idpLoginEndpoint": "https://cognigy.onelogin.com/trust/saml2/http-post/sso/******",
"idpCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzRENDQXNTZ0F3SUJBZ0lVYkhaWElFVzdOZy9FeWVhaUo0eCtJLzdkQWg0d0RRWUpLb1pJaHZjTkFRRUYKQlFBd1JURVFNQTRHQTFVRUNnd0hRMjluYm1sbmVURVZNQk1HQTFVRUN3d01UMjVsVEc5bmFXNGdTV1JRTVJvdwpHQVlEVlFRRERCRlBibVZNYjJkcGJpQkJZMk52ZFc1MElEQWVGdzB4T1RBeE1UY3hPREk0TURKYUZ3MHlOREF4Ck1UY3hPREk0TURKYU1FVXhFREFPQmdOVkJBb01CME52WjI1cFoza3hGVEFUQmdOVkJBc01ERTl1WlV4dloybHUKSUVsa1VERWFNQmdHQTFVRUF3d1JUMjVsVEc5bmFXNGdRV05qYjNWdWRDQXdnZ0VpTUEwR0NTcUdTSWIzRFFFQgpBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3gvbzNvLzc0S1g1YSsvaVNHbUZHRUM1NDFQUXBpRk56VGZ3bjYvQ1J5CjlXNS94eWRKdlZ3NEk4YkZOZGNmV1hZenJTdVJ5eXdrSDdZcE44U0hjSElyQUJJZmJvOUFXSm0welFTbWZDemkKa1NXOENmdm5MbGJJbjVpSGdtRnVGRFdJUHNKTHdHN1M4M2ZtNnhGUjlRcEV3YmZDNFNVc1ZQdUZIWmczWUU3VQpqS1lreERFOGtmZm01ZG5id201blJNbWlucHlIYmdJZXdhZ1NMRHk5ZmNGZUcza3VOSE0********************************************************************************kcGJpQkpaRkF4R2pBWUJnTlZCQU1NRVU5dVpVeHZaMmx1SUVGagpZMjkxYm5RZ2doUnNkbGNnUmJzMkQ4VEo1cUluakg0ai90MENIakFPQmdOVkhROEJBZjhFQkFNQ0I0QXdEUVlKCktvWklodmNOQVFFRkJRQURnZ0VCQURmYnFsQ1BTRWR4S2I4Q3RwbUllVTJIWjFackp6aG5HSXFsWUNnU1d3TWQKekNOemMrQ2g4UEtCb1dhS2dDUmw2YysySitZL0dZaFEyVW80L3ZwUFdTRGlvSGgwWmVQMkgvK0Z5c1ZHOTBlMwpzWE1MZjVjeHJxdUllUmtBOEk5VnpBdDIxbnBTcjRFUEJjSmZzMkNGSEswRkp3cnZiNElya2FhMHhSMXJ6ZVovCk5NT2FESHBzVDNjQk91UnFxWWNiRVRyRTFIUlg3QlcwK3YxajhtOWh0R283YVozUXo4NmVBZWtNOHZVQkU2clkKZzliM2ZueTdDVnUrQVZEWnE0d0k4N1cwcGRRNjRyajFXUm02MzJvTyt2eFRGdjFKK1Y4cG0wODJ4ZkhXRU5CUAo3c0VqZ2dwZ2hXMG1FeE5PbmJ6cC9YQmtCN1pxc29UdCszck9NL1hTbWJZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgo=",
"idpIssuer": "https://app.onelogin.com/saml/metadata/31beeb04-********-b8aa-b637b4fbfc01",
"idpLogoutEndpoint": "https://cognigy.onelogin.com/trust/saml2/http-redirect/slo/******"
}
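The certificate encoding step and the payload above can be combined into one check-and-build script. This is an added example, not Cognigy's or OneLogin's own code: it assumes the downloaded file holds a single PEM certificate, the function names are hypothetical, and the sample certificate and URLs are constructed placeholders.

```python
import base64
import hashlib
import json
from urllib.parse import urlparse

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

def pem_to_der(pem_bytes):
    """Decode a file holding exactly one PEM certificate block; raise ValueError otherwise."""
    text = pem_bytes.decode("ascii").strip()
    if (text.count(PEM_HEADER) != 1 or not text.startswith(PEM_HEADER)
            or not text.endswith(PEM_FOOTER)):
        raise ValueError("expected exactly one PEM certificate block")
    body = "".join(text[len(PEM_HEADER):-len(PEM_FOOTER)].split())
    return base64.b64decode(body, validate=True)

def build_idp_payload(pem_bytes, issuer, login_url, logout_url):
    """Return (payload, sha256_fingerprint) for the identityprovider request."""
    der = pem_to_der(pem_bytes)
    for field, url in (("idpLoginEndpoint", login_url), ("idpLogoutEndpoint", logout_url)):
        parts = urlparse(url)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"{field} must be an absolute https URL")
    payload = {
        "idpIssuer": issuer,
        "idpLoginEndpoint": login_url,
        # Equivalent to `base64 -w0` over the downloaded file: one line, no newlines.
        "idpCertificate": base64.b64encode(pem_bytes).decode("ascii"),
        "idpLogoutEndpoint": logout_url,
    }
    return payload, hashlib.sha256(der).hexdigest()

# Constructed sample input: placeholder bytes in PEM armor, not a real certificate.
SAMPLE_DER = b"constructed placeholder bytes, not a real X.509 certificate"
SAMPLE_PEM = (PEM_HEADER + "\n" + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + PEM_FOOTER + "\n").encode("ascii")

if __name__ == "__main__":
    payload, fingerprint = build_idp_payload(
        SAMPLE_PEM,
        "https://idp.example.com/saml/metadata/PLACEHOLDER",  # constructed URLs
        "https://idp.example.com/saml2/http-post/sso/PLACEHOLDER",
        "https://idp.example.com/saml2/http-redirect/slo/PLACEHOLDER",
    )
    print("SHA-256 of DER:", fingerprint)
    print(json.dumps(payload, indent=2))
```

The printed SHA-256 value lets you confirm that the file you encoded is the certificate you intended to trust before it is submitted as the idpCertificate.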
Configuring User Roles

In order to configure user roles for the users in COGNIGY.AI, you either have to add the supported roles as User Roles in OneLogin, or assign the role to each user of your app manually. Alternatively, you can also assign one global role to your app by using a Macro so that all users have the same role within COGNIGY.AI.
The supported roles within COGNIGY.AI are as follows: admin, developer, advanced_editor, marketer and basic. You can read more about user roles here: Access Control
Editing User Roles in OneLogin
To edit the user roles within OneLogin, navigate to Users > Roles and click on New Role. In the text field that appears, input one of the supported COGNIGY.AI roles as listed above and assign your app to the role.

Creating a new role in OneLogin
Adding User Roles Manually
You can also add the roles manually to each user who uses the app. To do this, navigate to your app in OneLogin and click on the Users tab. Here you can click on each user assigned to your app and change their role manually. However, this will display warnings.

Manually editing roles for users in OneLogin
You're now done configuring Single Sign-on for OneLogin, and your users can now log in to COGNIGY.AI through OneLogin.