My Account Overview
  • Account Management
    Account Management Overview Roles and Permissions – What’s New Roles and Permissions User Management Team Management Account Settings Universal Links and Your iOS App Android App Links and Your Android App
  • Support
    Support Business Hours Ticket Submission Guidelines Create and Manage Support Tickets Sailthru Maintenance Windows
    • Custom Font ManagementVerified Sending Domain
  • Single Sign-On
    • Multifactor Authentication

    Link a OneLogin Application to Sailthru

    This guide walks you through configuring a OneLogin application to enable SAML-based Single Sign-On from OneLogin for Sailthru. In this scenario, the OneLogin application is the SAML Identity Provider.

    1. In OneLogin click “Administration” and then select “Applications” from the “Applications” menu:
    2. Click “Add App” and search for “SAML”. Select “SAML Test Connector (IdP w/ attr w/ sign response)”:

    3. Change the “Display Name” of the app and toggle off the slider “Visible in portal”:

    4. Click Save.

    Configure your new OneLogin application

    1. Decide the name of the SAML connection that will be used by Sailthru. This should be in the format of saml-<companyname>, e.g. saml-sailthru. In the following steps, you’ll insert this name in place of SAML_CONNECTION_NAME.
    2. Open the “Configuration” tab:

    3. Enter the following settings:
      1. urn:auth0:sailthru:SAML_CONNECTION_NAME as the value for the “Audience” field
      2. [-a-zA-Z0-9@:%.+~#=]{2,256}.[a-z]{2,6}\b([-a-zA-Z0-9@:%+.~#?&//=]*) as the value for the “ACS (Consumer) URL Validator” field
      3. https://login.sailthru.com/login/callback?connection=SAML_CONNECTION_NAME as the value for the “ACS (Consumer) URL” field
    4. Go to the “Parameters” tab:

    5. Make sure that the user’s email address is specified as the SAML NameID attribute:

      Remember the email address sent from OneLogin must match the email address associated with the user within the Sailthru platform.
    6. Click the Plus icon and add http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname SAML attribute:
    7. Click the Plus icon and add http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname SAML attribute:
    8. Click the Plus icon and add http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name SAML attribute as a macro field with the {firstname} {lastname} value:
    9. On the “Users” tab you can see the complete list of users who have access to the newly created OneLogin application:

    10. Go to the “SSO” tab and change “SAML Signature Algorithm” to “SHA-256”:
    11. On the “SSO” tab, download the X.509 certificate. For that click on the “View Details” link at the “X.509 Certificate” field and then download the X.509 certificate “onelogin.pem”.
    12. On the “SSO” tab, copy the value for “SAML 2.0 Endpoint (HTTP)”.

    Pass configuration details to Sailthru

    Once you have completed all these steps, please contact Sailthru with the following details

    • SAML connection name
    • Identity Provider Single Sign-On URL
    • X.509 Certificate
    Top