These steps will guide you through setting up the Single Sign-On functionality between OneLogin and Unifi through their web client.
Setting Up OneLogin
Starting in the OneLogin admin dashboard portal, do the following:
- Go to Apps > Add Apps.
- Search for Unifi, which is a SAML 2.0 connector, and select it.
You may edit the Display Name if desired.
- Click Save.
- Select the Parameters tab.
- Ensure that Credentials are Configured by admin and that the mappings are as follows:
First Name -> First Name
Group -> - No value -
Last Name -> Last Name
NameID (Subject) -> Email
Username -> Email
- Click Save.
- Select the SSO tab.
- Copy down the SAML2.0 Endpoint (HTTP) URL.
- Select View Details.
- Select the Clipboard Icon to copy the entirety of the X.509 Certificate string.
You'll be putting the HTTP Endpoint and X.509 Certificate into your Unifi dashboard to confirm the connection.
In Unifi, do the following:
- In the main dashboard portal, select Identity Providers.
- Give your Identity Provider profile a name and then fill out the form with the following information:
Provider URL -> <your_http_endpoint>
Bearer Token -> -blank-
Certificate -> <your_x.509_certificate>
- Click Add Identity Provider.
With the configuration complete, OneLogin and Unifi should be connected through SAML!
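A certificate string that lost its header line or was cut short while being copied between the two dashboards is a common reason for a SAML login to fail. The following Python is an added example, not part of the original guide or of OneLogin's or Unifi's own tooling: it checks that a pasted string is one complete PEM certificate and returns its SHA-256 fingerprint. `SAMPLE_DER` and `make_pem` are constructed stand-ins used only to build sample input.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample, NOT a real certificate: only the outer DER framing
# (SEQUENCE tag 0x30, 2-byte length 0x0100) followed by 256 zero bytes.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)


def make_pem(der: bytes) -> str:
    """Wrap DER bytes in PEM armor (used here only to build sample input)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"


def pem_to_der(pem_text: str) -> bytes:
    """Return the DER bytes of the one certificate in pem_text, or raise ValueError."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected 1 certificate block, found {len(blocks)}")
    body = "".join(blocks[0].split())  # tolerate re-wrapped lines, CRLF, spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from None
    # A certificate is a single ASN.1 SEQUENCE whose declared length must
    # cover every remaining byte; a partial copy fails this check.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with an ASN.1 SEQUENCE")
    if der[1] < 0x80:  # short form: the length is in this byte
        header, length = 2, der[1]
    else:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported or truncated DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("declared length does not match data: truncated or padded")
    return der


def sha256_fingerprint(pem_text: str) -> str:
    """Colon-separated SHA-256 fingerprint of the certificate's DER encoding."""
    digest = hashlib.sha256(pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
```

Call `sha256_fingerprint` on the string you copied from OneLogin and on the string you pasted into the Certificate field; the two results should be identical. The check covers framing and copy damage only and does not validate the certificate's expiry or trust.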
To test, do the following:
- Log in to OneLogin.
- Make sure you are logged out of Unifi.
- Click the Unifi icon on your dashboard. This should log you into Egnyte.
If you're not using the same Email in Unifi as in OneLogin, do the following:
- Go to Apps > Company Apps.
- Edit the Unifi application.
- Navigate to the Logins tab.
- Locate and select your user.
- Type a different email in the Email field and click Save.
- Navigate to the portal and re-test by clicking the Unifi icon.