Setting Up OneLogin As An IdP Server for ParkMyCloud

The purpose of this article is to guide you in setting up OneLogin as an Identity Provider (IdP). 
For more information, consult the OneLogin Documentation.
Spoiler Alert: Using the semi-automated configuration approach (uploading an IdP metadata file) for OneLogin within ParkMyCloud is the preferred approach.

Before configuring OneLogin, let's do some prep work in ParkMyCloud:
  • Go to Settings/Single Sign-On (SSO) with SAML and enable it. If you have existing users in the system, I suggest you select "Allowed for All Users", as this lets both users with local accounts and SSO users sign in. (If you want strict adherence to SSO, then select "Required for All Users Except for Admins".)
  • Configure the unique identifier to something human readable (unless you really like UUID strings). Also, you can pick a default team if you like (we left it blank for now) and set the IdP Configuration to "Upload an IdP metadata file."

Now let's jump over to OneLogin.  To configure OneLogin, you will need admin permissions.  
  • Log in to OneLogin with the appropriate credentials.
  • Select "Add App" to search the OneLogin app catalog (just start typing "ParkMyCloud") and click on it.
  • Select "Save" to begin configuration. There's not much to do here.
  • Click on the "Configuration" tab and enter the unique string you created (or the UUID if you didn't create one).

  • Go to the SSO tab. Select "SHA-256" as the SAML signature algorithm (it is the hash used to sign assertions, not encryption) and copy the metadata URL.

  • Go to the Access/Users tabs and assign users or groups access.

  • Save the App

  • Now open up a browser and paste the metadata URL in. You will be prompted to download and save the metadata file. Do that.

OK, now back to ParkMyCloud. 
  • Upload the OneLogin metadata file you just saved

  • Save Changes -- You're done!

Just give the login URL to your users for SP-initiated SSO, or, alternatively, they can just click on the ParkMyCloud icon on their dashboard in OneLogin for IdP-initiated SSO.