Configuring Single Sign-On for Postini is a breeze! These steps will guide you through setting up Postini's Single Sign-On functionality.
Note: To complete these steps, you will need admin level control in Postini. It is important to note, once the Single Sign-On SSO is turned on for a Postini Org. the users can only sign in using the IdP and the traditional username/password credentials will not work.
Setting Up OneLogin
1. In OneLogin, navigate to Apps > Find apps.
2. Search for Postini and click add.
3. You may edit the Display Name. Select SAML 1.1 for the connector version and click continue.
4. You may configure the app as needed with a custom Display name for the portal.
5. Next, go to the Single Sign-on configuration within the Postini connector and make note of the SAML Issuer URL, you will need this URL for Postini configuration. Additionally, set Credentials to Configured by admin and confirm the default values for Email is Email.
6. If you have not already done so, use the Access Control section in the Postini configuration to grant access to the correct OneLogin Roles.
Setting Up Postini
1. Sign in to Postini with your admin account and go to the admin center.
2. Configuring your IdP is done at the Account level for your Postini org structure.
3. Once you are within the Account settings, scroll down to Organization Settings and select Single Sign On
4. Once you are in the Single Sign On settings you must configure two pieces of information. The Issuer Name (which is the SAML Issuer URL form Step 5 above in the Postini configuration under Single Sign-on) and the x509 certificate for your account. You can get the x509 certificate from Security > SAML within your account (be sure to copy and paste the whole thing with Begin Certificate and End Certificate tags included).
5. At this point Postini knows about OneLogin and can use OneLogin as your IdP - however you must change the authentication method for an Org to use SAML Single Sign-on instead of the default password sign on method. To do this, go back to your Org hierarchy and click the group (that contains your users) that you would like to turn SAML SSO on for. After selecting that group, choose General Settings on the following page which shows the different settings you may edit for the group.
6. Finally switch the Authentication Method from PMP to SAML SSO and update the settings.
You're now ready to try the SAML Single Sign-On from OneLogin! If you have any questions on this please email support@onelogin.com