These steps will guide you through setting up the Single Sign-On functionality between OneLogin and Pantheon.
Setting Up OneLogin
Starting in the OneLogin admin dashboard portal, do the following:
- Go to Apps > Add Apps.
- Search for Pantheon that is a SAML 2.0 connector and select it.
You may edit the Display Name if desired. - Click Save.
- Select the Configuration tab.
- Under Pantheon Org Domain, put the domain of your organization's Pantheon URL.
- Click Save.
- Select the Parameters tab.
- Ensure that Credentials are Configured by admin and that the mappings are as follows:
NameID -> Email
- Click Save.
- Select the SSO tab.
- Copy down the SAML2.0 Endpoint (HTTP) URL.
- Click View Details.
- Select the Clipboard Icon to copy the entirety of the SHA-1 Fingerprint.
- Make a ticket to your Pantheon support team that includes:
- Your organization's email domain that was configured in step 5
- Your OneLogin SHA-1 Fingerprint
- Your OneLogin SAML HTTP Endpoint
With the configuration complete, OneLogin and Pantheon should be connected through SAML!
Troubleshooting Email Mismatch
In some cases, the Pantheon account admin email may not match the OneLogin admin email. This can be remedied by doing the following:
- Go to Users > Account_Owner.
- Select the Applications tab.
- Select Pantheon to open the Edit Login pane.
Here you may overwrite the default fields for your Pantheon login and insert the correct information to match your OneLogin credentials with your Pantheon credentials.