SSO AuthenticationSAML 2.0
OneLogin
Configure OneLogin as a SAML 2.0 identity provider for Safeguard.
OneLogin
- In OneLogin, go to Applications → Add App, search for "SAML Custom Connector," and add it.
- Under Configuration, set:
- ACS (Consumer) URL: the ACS URL Safeguard shows after Save
- Audience: the SP Entity ID Safeguard shows after Save
- Under Parameters, add a custom parameter named
emailmapped to the Email field — separate from the NameID policy OneLogin applies by default. - Under SSO, copy the SAML 2.0 Endpoint (HTTP), Issuer URL, and the X.509 Certificate.
- In Safeguard, click Add Provider → SAML 2.0 → OneLogin, and enter those three values.
- In OneLogin, assign users under the app's Users tab.
- Click Test in Safeguard to confirm.
Common errors: an "Invalid Login" error at OneLogin usually means the Audience field doesn't match what Safeguard expects, or the app isn't assigned to the signed-in user under Users.