OneLogin Single Sign-On

Last updated: 2022-07-20 17:38:55

    Overview

    OneLogin is a cloud-based identity and access management provider. Its identity verification system lets you log in to all of your organization's internal system platforms with one click. Tencent Cloud supports identity federation based on Security Assertion Markup Language 2.0 (SAML 2.0), an open standard used by many identity providers (IdPs), including OneLogin.
    With an IdP, you can implement federated single sign-on (SSO): admins authorize users who have been authenticated with their federated identity to log in to the Tencent Cloud console or call TencentCloud APIs, eliminating the need to create a CAM sub-user for each employee in the organization.

    This document describes how to configure OneLogin SSO to Tencent Cloud.

    Directions

    Creating a OneLogin enterprise application

    Note:

    • This step creates a OneLogin enterprise application. If you are already using one, skip this step and go straight to CAM configuration.
    • This document uses the application name test as an example.
    1. Log in to the OneLogin website and click Applications to enter the application management page.
    2. On the application management page, click Add App in the top-right corner.
    3. In the search box, enter SAML and press Enter. In the results list, click Pilot Catastrophe SAML (IdP) as shown below:
    4. In the Display Name field, enter the application name. Click Save in the top-right corner to complete the application creation as shown below:

    Configuring CAM

    Note:

    • This step configures the trust relationship between OneLogin and Tencent Cloud.
    • In this example, the SAML IdP and role name are both test.
    1. On the OneLogin application management page, select the created application test.
    2. Click More Actions in the top-right corner and select SAML Metadata to download the IdP metadata file as shown below:
    3. Create the Tencent Cloud CAM IdP and role. For detailed directions, see Creating an IdP and Creating Role.

    Configuring OneLogin SSO

    Note:

    This step maps OneLogin application attributes to Tencent Cloud attributes to create the trust between the OneLogin application and Tencent Cloud.

    1. On the OneLogin application management page, click the created test application to enter the application editing page.
    2. Select the Configuration tab, enter the following content, and click Save as shown below:

    You can configure it based on the site of your Tencent Cloud account:
    | Site | SAML Consumer URL| SAML Audience | SAML Recipient|
    |---------|---------|---------|---------|
    | Tencent Cloud International | https://www.tencentcloud.com/login/saml|https://www.tencentcloud.com/login/saml|https://www.tencentcloud.com/login/saml|

    3. Click Parameters, select Add Parameter, and add the following two items:

      | Field name | Flags | Value | Source Attribute |
      |---------|---------|---------|---------|
      | https://cloud.tencent.com/SAML/Attributes/Role | Include in SAML assertion | Macro | qcs::cam::uin/{AccountID}:roleName/{RoleName1};qcs::cam::uin/{AccountID}:roleName/{RoleName2},qcs::cam::uin/{AccountID}:saml-provider/{ProviderName} |
      | https://cloud.tencent.com/SAML/Attributes/RoleSessionName | Include in SAML assertion | Macro | Test |

      Note:

      Replace {AccountID}, {RoleName}, and {ProviderName} in the Role source attribute with the following content:

      • {AccountID}: Replace this with your Tencent Cloud account ID. You can view this in [Account Information in the console](https://console.tencentcloud.com/developer).
      • {RoleName}: Replace this with the role name you created on Tencent Cloud. You can view this in [Role in the console](https://console.tencentcloud.com/cam/role).
      • {ProviderName}: Replace this with the SAML IdP name that you created on Tencent Cloud. You can view this in [IdPs in the console](https://console.tencentcloud.com/cam/idp).

    4. Click Save in the top-right corner to save the configuration.
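
    A pre-flight check for the Role value before it is saved in OneLogin, added here as an example (it is not Tencent Cloud or OneLogin code). It parses the template from the Parameters table above and reports leftover placeholders, malformed entries, and entries that name different accounts. The function name, the numeric account ID rule, and the sample value are assumptions made for this example.

```python
import re

# Patterns follow the Role template in the Parameters table above.
# Assumptions: account IDs are numeric; names contain none of / : ; , { } or spaces.
NAME = r"[^/:;,{}\s]+"
ROLE_RE = re.compile(rf"^qcs::cam::uin/(\d+):roleName/({NAME})$")
PROVIDER_RE = re.compile(rf"^qcs::cam::uin/(\d+):saml-provider/({NAME})$")

# Constructed sample value (account ID and role names are made up).
SAMPLE = ("qcs::cam::uin/100000000001:roleName/test;"
          "qcs::cam::uin/100000000001:roleName/audit,"
          "qcs::cam::uin/100000000001:saml-provider/test")


def check_role_attribute(value):
    """Parse a Role source-attribute string; return (parsed, problems)."""
    parsed = {"account_id": None, "roles": [], "provider": None}
    problems = []
    if "{" in value or "}" in value:
        problems.append("unreplaced {placeholder} in value")
    if re.search(r"\s", value):
        problems.append("whitespace in value")

    # Template shape: role[;role...],provider -> exactly one comma.
    parts = value.split(",")
    if len(parts) != 2:
        problems.append("expected exactly one ',' between roles and provider")
        return parsed, problems

    accounts = set()
    for item in parts[0].split(";"):
        m = ROLE_RE.match(item)
        if m:
            accounts.add(m.group(1))
            parsed["roles"].append(m.group(2))
        else:
            problems.append(f"bad role entry: {item!r}")
    m = PROVIDER_RE.match(parts[1])
    if m:
        accounts.add(m.group(1))
        parsed["provider"] = m.group(2)
    else:
        problems.append(f"bad provider entry: {parts[1]!r}")

    if len(accounts) > 1:
        problems.append(f"entries name different accounts: {sorted(accounts)}")
    elif accounts:
        parsed["account_id"] = next(iter(accounts))
    return parsed, problems


if __name__ == "__main__":
    print(check_role_attribute(SAMPLE))
```

    An empty problems list means the value matches the template with one account, at least one role, and one SAML provider; it does not confirm that the role or IdP actually exists in CAM.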

    Configuring a OneLogin user

    1. Log in to the OneLogin website and click Users to enter the user management page.
    2. Click New User in the top-right corner to enter the user creation page.
    3. Enter First Name, Last Name, Email, and Username and click Save User as shown below:
      Note:

      Check your email for the password of this account, or click More Actions and select Change Password to change the password.

    4. Click Applications on the user editing page. Select on the right as shown below:
    5. In the pop-up window, select the SAML test application that you created. Click Continue as shown below:
    6. On the editing page, click Save as shown below:
    7. Use the account created in step 3 to log in to OneLogin, and access the SAML test application created in the preceding sections. You will be redirected to the Tencent Cloud console.