# Use OneLogin as your Identity Provider

## Overview

After enabling Onum as a service provider, you can set up OneLogin as an identity provider for SAML. You need to create a SAML app in your OneLogin account to register your **Callback URL** so that OneLogin can send SAML responses to the correct location.

## Set up your custom OneLogin app

{% hint style="warning" %}
To activate OneLogin as an identity provider for SAML authorization, you need a OneLogin administrator account.
{% endhint %}

{% stepper %}
{% step %}
Log in to your OneLogin admin portal. In the left menu, click **Applications > Add App**.
{% endstep %}

{% step %}
Choose **SAML Custom Connector (Advanced)** for a generic setup. Enter a display name (e.g., *MyApp SAML*) and optionally upload an app icon. Click **Save**.
{% endstep %}

{% step %}
In the **Configuration** tab, OneLogin asks you for service provider details:

{% hint style="warning" %}
Onum will not show the required **Callback URL** until you enter the identity provider details, so we will enter a placeholder URL here. 
{% endhint %}

<table><thead><tr><th width="170.08984375">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>ACS (Consumer) URL / SP Entity ID (Audience URI)</strong></td><td>Enter a temporary URL in these fields (eg, <code>https://placeholder.example.com/saml/acs</code>). You can copy the <strong>Callback URL</strong> if you already know it, or just use a dummy placeholder. We'll edit these fields later with the real value.</td><td></td></tr><tr><td><strong>SAML NameID format</strong></td><td>Select <strong>Email Address</strong>.</td><td></td></tr><tr><td><strong>SAML NameID value</strong></td><td>Select <strong>Email</strong>.</td><td></td></tr></tbody></table>

Click **Save** when you're done.
{% endstep %}

{% step %}
Once the app is created, OneLogin provides you with the IdP metadata.&#x20;

Now access Onum and go to the **Authentication** area in your Admin menu. Once there, click the **Configure Single-Sign-On** button and select **SAML** in the **Authentication method** field. Enter the following in the fields that appear:

<table><thead><tr><th width="169.69140625">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>IdP Entity ID</strong></td><td>Enter the <strong>Issuer URL</strong> from your OneLogin app.</td><td></td></tr><tr><td><strong>Single Sign-On URL</strong></td><td>Enter the <strong>SAML 2.0 Endpoint (HTTP)</strong> from your OneLogin app.</td><td></td></tr><tr><td><strong>Certificates</strong></td><td>Paste the <strong>X.509 Certificate</strong> from your OneLogin app.</td><td></td></tr></tbody></table>

Now click **Save**. You'll be given a **Callback URL**.
{% endstep %}

{% step %}
Go back to your OneLogin account and access the **Configuration** tab. Replace the placeholders with the real **Callback URL** you got in Onum and save changes.
{% endstep %}

{% step %}
Finally, go to **Users >&#x20;*****your app*****&#x20;> Applications > Add** and assign the app to users or groups so they can log in with SSO.
{% endstep %}
{% endstepper %}

Done! Onelogin is now your identity provider for Onum.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.onum.com/administration/global-settings/tenant/authentication/single-sign-on-sso-with-saml/use-onelogin-as-your-identity-provider.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.