If you would like to allow users to utlize the SSO features of OneLogin and Cherwell via SAML you should follow the below actions.
In OneLogin complete the following steps:
- Within the App Catalogue search for "Cherwell" and select the SAML connector
- Rename the application as required and "Save"
- Under Configuration tab enter the SAML Consumer URL (This is obtained from Cherwell Support) and the SAML Single Logout URL as below
4. Under the SSO tab configure the appropriate option for user credentials either "Admin" or "Shared by all" - note if you selected shared by all then ALL users will be logged into Cherwell as the same user, this is normally only selected for testing purposes.
5. Under the SSO tab copy the Issuer and SAML Endpoint URL's - you will need to send these to Cherwell Support.
6. Under the Security Settings of your OneLogin account copy the X.509 Certificate and paste into notepad on a Microsoft Windows operating system.
save the file as a .cer file
7. Send the .cer file you have just created along with the Issuer and SAML Endpoint URL's to Cherwell support for them to configure your instance of the Cherwell application.
you will also need to obtain from them the Consumer URL so this can be entered in step 3 above.
once you have received back from Cherwell support that the configuration has been completed then assign the application to users/Roles within OneLogin and the configuration is complete.