fabriq

Before proceeding with this article, ensure that you have read our article about <a href="https://support.fabriq.tech/en/articles/6821787-saml-single-sign-on">SAML Single Sign-on 🔐</a>

Here, we will outline the steps to set up OneLogin as an Identity Provider.

1️⃣ Create a OneLogin SAML Web application

Navigate to OneLogin's portal <a href="https://your-domain.onelogin.com/" rel="nofollow noopener noreferrer" target="_blank">https://your-domain.onelogin.com/</a>

From the navbar, click on the Administration button

From the navbar, hover on Applications then click on Applications

Click on Add app, then Add custom SAML app

In the search bar under Find Applications, enter saml, and then choose SAML Test Connector (IdP)

Enter a display name for your application (e.g. "Fabriq") and click on Save

1. Navigate to OneLogin's portal <a href="https://your-domain.onelogin.com/" rel="nofollow noopener noreferrer" target="_blank">https://your-domain.onelogin.com/</a> 
2. Sign in with an administrator account
3. From the navbar, click on the Administration button
4. From the navbar, hover on Applications then click on Applications
5. Click on Add app, then Add custom SAML app
6. In the search bar under Find Applications, enter saml, and then choose SAML Test Connector (IdP)
7. Enter a display name for your application (e.g. "Fabriq") and click on Save

2️⃣ Configure the application for SAML SSO

From the left sidebar, click on Configuration

On the Application details page, you will need to enter the following information, ℹ️ reach out to us so that we can provide it to you:

- RelayState
- Audience
- ACS (Consumer) URL Validator
- ACS (Consumer) URL

1. From the left sidebar, click on Configuration 
2. On the Application details page, you will need to enter the following information, ℹ️ reach out to us so that we can provide it to you:
 - RelayState
 - Audience
 - ACS (Consumer) URL Validator
 - ACS (Consumer) URL
3. Click on Save

3️⃣ Configure the attributes for SAML SSO

Click on Parameters from the left sidebar

Click on NameID (fka Email) and set its value to be a unique user identifier and Save

Click on the + button to create custom parameters

Add the following parameters one by one, check the Include in SAML assertion flag:

- Email : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a>
- First Name : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</a>
- Last Name : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</a>

1. Click on Parameters from the left sidebar
2. Click on NameID (fka Email) and set its value to be a unique user identifier and Save
3. Click on the + button to create custom parameters
4. Add the following parameters one by one, check the Include in SAML assertion flag:
 - Email : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress</a>
 - First Name : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname</a>
 - Last Name : <a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" rel="nofollow noopener noreferrer" target="_blank">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname</a>
 ℹ️ value : field name

You can either give access to the Fabriq SAML app to:

1. everyone in your organization
2. specific groups/users

1. Click on Users from the left sidebar
2. You can either give access to the Fabriq SAML app to:
   1. everyone in your organization
   2. specific groups/users

5️⃣ Send us the App Federation Metadata file

Send it to <a href="mailto:enablement-team@fabriq.tech" rel="nofollow noopener noreferrer" target="_blank">enablement-team@fabriq.tech</a>

1. Click on SSO from the left sidebar
2. Copy the Issuer URL
3. Send it to <a href="mailto:enablement-team@fabriq.tech" rel="nofollow noopener noreferrer" target="_blank">enablement-team@fabriq.tech</a>

1️⃣ Create a OneLogin SAML Web application

2️⃣ Configure the application for SAML SSO

3️⃣ Configure the attributes for SAML SSO

4️⃣ Assign users to Fabriq

5️⃣ Send us the App Federation Metadata file