To configure OneLogin to sign in users into UserVoice using SAML, follow those steps.
In OneLogin, do the following:
- In OneLogin, navigate to Apps > Find apps and search for UserVoice. Click Add.
- In the Add UserVoice screen select for the app to be used by the Organization and select SAML 2.0 for the Connector Version. Press Continue.
- Type your UserVoice subdomain into the Subdomain field within the Configuration tab.
- Under the Single Sign-on tab copy the HTTP Endpoint under SAML Endpoints to the clipboard for use in UserVoice later (step 2 below). Next go to the x.509 Certificate below and download the certificate or visit this URL to download it: https://app.onelogin.com/saml/saml_certificate. You will give this to UserVoice. Set the credentials to Configured by admin and select a default Email value of email and set the remaining values as required (see below screen shot for example).
- Under the Access Control tab choose which roles will have access to UserVoice.
In UserVoice, do the following:
To setup UserVoice as a SAML Service Provider, you need to upload your OneLogin SAML token signing certificate via UserVoice Admin Console. You need to be on a Pro plan to be able to do this.
- Go to Admin Console -> Settings -> General -> User authentication.
- Select the option Single Sign-On (SSO).
- SSO KEY is not used in SAML, so ignore it.
- Input the SSO Remote Sign-In URL of your Identity Provider (required). This is the HTTP endpoint copied in Step 4 above.
- If you need to, also input your SSO Remote Sign-Out URL so that your IdP knows when users log out. This is https://app.onelogin.com/client/apps
- Finally, upload your OneLogin x509 certificate file in either PEM (ascii) or DER (binary) format. This is located in Security > SAML section of OneLogin.
- Then, press Save authentication settings.
To test do the following:
- Login to OneLogin.
- Make sure you are logged out of UserVoice.
- Click the UserVoice icon on your dashboard. This should log you into UserVoice.
- Alternatively, you can go to http://subdomain.usevoice.com and attempt to sign in, at which point you should be signed in through OneLogin.