To configure OneLogin to sign users in to AtTask using SAML, follow these steps. AtTask relies on users having a Federation ID configured. This is an ID that is known by both the identity provider and the application. You can either edit the users manually, or include the Federation ID when importing users into AtTask. Users without a Federation ID will not be able to log in using SAML. For ease of management, set each individual user's Federation ID to the local part of the user's email address (the part before the @). This is the default Federation ID in OneLogin for AtTask users.
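The following is an added example, not part of the original page or of OneLogin's or AtTask's own tooling: a pre-flight check over a user list that flags users with no Federation ID (who could not sign in via SAML), IDs that differ from the email local part, and addresses from different domains that end up sharing one ID. The CSV column names, the sample rows and the case-insensitive comparison are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample data; the column names are assumptions,
# not AtTask's actual import format.
SAMPLE_CSV = """email,federation_id
alice@example.com,alice
bob@example.com,
carol@example.com,carol.smith
alice@subsidiary.example,alice
Dave@example.com,dave
"""

def local_part(email):
    """Return the part of the address before the last @, lower-cased."""
    name, sep, _domain = email.strip().rpartition("@")
    if not sep or not name:
        raise ValueError(f"not an email address: {email!r}")
    return name.lower()

def audit_federation_ids(csv_text):
    """Report missing, mismatched and colliding Federation IDs."""
    missing, mismatched = [], []
    owners = defaultdict(list)  # federation id -> emails that claim it
    for row in csv.DictReader(io.StringIO(csv_text)):
        email = row["email"].strip()
        fed_id = (row.get("federation_id") or "").strip()
        if not fed_id:
            missing.append(email)  # this user cannot sign in via SAML
            continue
        # Assumption: IDs are compared case-insensitively (the stricter check).
        if fed_id.lower() != local_part(email):
            mismatched.append(email)  # differs from the email local part
        owners[fed_id.lower()].append(email)
    collisions = {f: e for f, e in owners.items() if len(e) > 1}
    return {"missing": missing, "mismatched": mismatched,
            "collisions": collisions}

if __name__ == "__main__":
    report = audit_federation_ids(SAMPLE_CSV)
    print("No Federation ID:", report["missing"])
    print("Not the email local part:", report["mismatched"])
    for fed_id, emails in report["collisions"].items():
        print(f"Shared Federation ID {fed_id!r}:", emails)
```

A collision matters when users come from more than one email domain: the local part alone no longer identifies a single person, so those users need distinct Federation IDs set manually.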
In OneLogin, do the following:
- In OneLogin, navigate to Apps > Find apps and search for AtTask. Click Add.
- In the Add AtTask screen, choose for the app to be used by the Organization and select SAML 2.0 as the Connector Version. Press Continue.
- Type your AtTask subdomain into the Subdomain field within the Configuration tab.
- Under the Single Sign-on tab, copy the HTTP Endpoint to the clipboard for use in AtTask later. Set the credentials to Configured by admin and select a default Federated ID, which should typically be Email name part.
- Under the Access Control tab choose which roles will have access to AtTask.
- Finally, navigate to Security > SAML. Download the X.509 certificate in .pem format.
In AtTask, do the following:
- Click Setup in the drop-down menu, then System Settings.
- Click Single Sign-On
- Click Edit Configuration
- Complete the form as shown below. Use the HTTP Endpoint copied in Step 4 of the OneLogin procedure above as the Issuer.
- Click Choose File and select the X.509 certificate previously downloaded from OneLogin.
- Select Map User Attributes to add the required mappings from OneLogin to AtTask. For Email Address use $$NAMEID. For First Name use firstName. For Last Name use lastName. For Department use department. For Access Level or something equivalent use member_of. This will allow you to map AD Security Groups to AtTask values such as Access Control Levels.
- Click Save.
To test, do the following:
- Log in to OneLogin.
- Make sure you are logged out of AtTask.
- Click the AtTask icon on your dashboard. This should log you into AtTask.
If you need to manually set the Federated ID for an AtTask user in OneLogin, do the following:
- Click Apps, then Company Apps.
- Edit the AtTask application.
- Navigate to the Logins tab.
- Locate your user and click Edit.
- Type the new Federated ID in the Federated ID field and click Update.
- Navigate to the portal and re-test by clicking the "AtTask" icon.