
Single sign-on (SSO) via OneLogin

Nolt supports the SAML 2.0 and OpenID Connect standards for single sign-on (SSO), which lets users log in to Nolt without creating a separate Nolt account. If you use OneLogin as your Identity Provider, you can connect your Nolt board to OneLogin to set up single sign-on. You can configure either OpenID Connect or SAML 2.0 in OneLogin to enable SSO. This guide walks you through the steps to set up SSO via OneLogin.

This feature is only available for Enterprise customers.

Table of Contents

  1. OpenID Connect (OIDC)
  2. SAML 2.0

OpenID Connect (OIDC) Integration

If you want to use OpenID Connect based authentication for your users, follow the steps below to integrate OneLogin with Nolt.

1. Setting up Application in OneLogin

  1. Sign in to your OneLogin account as an administrator. Navigate to Applications → Add App.

  2. Search for OpenID Connect and select OpenId Connect (OIDC). Name the app Nolt, upload your logo and save the App.

  3. Once the app is created, navigate to Configuration. Set the Redirect URIs to

    https://YOUR_BOARD.nolt.io/sso/openIdConnect
  4. Navigate to SSO → Token Endpoint. Set the Authentication Method to POST.
  5. Save the configuration

2. Integrating in Nolt

Navigate to your board → Integrations → OpenID Connect. Set up all the required fields to activate the integration.

  1. Client ID:
    Copy the Client ID from the OneLogin OIDC application.
  2. Client Secret:
    Copy the Client Secret from the OneLogin OIDC application.
  3. Issuer URL:
    Copy the Issuer URL from the OneLogin OIDC application.

    Note: To get the Client ID and Client Secret, navigate to Applications → Nolt → SSO in OneLogin.
  4. Token URL:
    https://ONELOGIN_SUBDOMAIN.onelogin.com/oidc/2/token
  5. Remote Login URL:
    https://ONELOGIN_SUBDOMAIN.onelogin.com/oidc/2/auth?client_id=CLIENT_ID&redirect_uri=https://YOUR_BOARD.nolt.io/sso/openIdConnect&response_type=code&scope=openid%20profile%20email

    Note: ONELOGIN_SUBDOMAIN is available in the Issuer URL. Make sure to replace ONELOGIN_SUBDOMAIN, CLIENT_ID and YOUR_BOARD before using the Remote Login URL.
  6. Remote logout URL (optional):
    Add a Remote logout URL if you want to redirect users to a specific URL after they log out from their Nolt account.
  7. User role structure (optional):
    If you pass the Nolt user role in the OIDC token under a name other than noltUserRole, you need to set this field. If the attribute is as follows:
    userRole: 'ADMIN'
    then the user role structure should be set as follows:
    userRole
  8. Custom Attributes (optional):
    If you pass any custom attributes in the OIDC token, you need to set this field. If you have custom attributes as follows:
    department
    empId
    then the custom attribute structure should be set as follows:
    {"Department":"department","EmployeeID":"empId"}
  9. Click Test and activate:
    This should activate the SSO. To test the SSO, try logging in as a new user.
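
As an added example (not Nolt's or OneLogin's code), the Python below derives the Token URL and Remote Login URL fields above from the Issuer URL and refuses values that still contain a placeholder or an issuer on an unexpected host. It assumes an issuer of the form https://<subdomain>.onelogin.com/oidc/2; the function names and sample values are constructed.

```python
import re
from urllib.parse import quote, urlencode, urlsplit

# Assumed format for the OneLogin subdomain and the Nolt board name.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", re.IGNORECASE)
PLACEHOLDERS = {"ONELOGIN_SUBDOMAIN", "CLIENT_ID", "YOUR_BOARD"}
IDP_SUFFIX = ".onelogin.com"


def onelogin_subdomain(issuer_url):
    """Return the subdomain of an issuer such as https://acme.onelogin.com/oidc/2."""
    parts = urlsplit(issuer_url)
    host = parts.hostname or ""
    if parts.scheme != "https" or not host.endswith(IDP_SUFFIX):
        raise ValueError("issuer must be https://<subdomain>.onelogin.com/...")
    subdomain = host[: -len(IDP_SUFFIX)]
    if not LABEL.fullmatch(subdomain):  # also rejects ONELOGIN_SUBDOMAIN
        raise ValueError("unexpected subdomain: %r" % subdomain)
    return subdomain


def nolt_oidc_urls(issuer_url, client_id, board):
    """Build the redirect URI, Token URL and Remote Login URL for one board."""
    if not client_id or client_id in PLACEHOLDERS:
        raise ValueError("client_id is empty or still a placeholder")
    if not LABEL.fullmatch(board):  # also rejects the YOUR_BOARD placeholder
        raise ValueError("unexpected board name: %r" % board)
    base = "https://%s.onelogin.com/oidc/2" % onelogin_subdomain(issuer_url)
    redirect_uri = "https://%s.nolt.io/sso/openIdConnect" % board
    # Percent-encode every parameter value, including the nested redirect URI.
    query = urlencode(
        {"client_id": client_id, "redirect_uri": redirect_uri,
         "response_type": "code", "scope": "openid profile email"},
        quote_via=quote,
    )
    return {
        "redirect_uri": redirect_uri,
        "token_url": base + "/token",
        "remote_login_url": base + "/auth?" + query,
    }


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    for name, url in nolt_oidc_urls(
        "https://acme.onelogin.com/oidc/2", "constructed-client-id", "acme-feedback"
    ).items():
        print(name, url)
```

The redirect_uri it returns must be the same string registered under Redirect URIs in the OneLogin application.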

SAML 2.0 Integration

If you want to use SAML 2.0 based authentication for your users, follow the steps below to integrate OneLogin with Nolt.

1. Setting up Application in OneLogin

Sign in to your OneLogin account as an administrator. Navigate to Applications → Add App. Search for SAML and select SAML Custom Connector (Advanced) from the list. Name the app Nolt, upload your logo and save the app.

2. SAML Configuration

The following settings should be configured in OneLogin to set up SAML 2.0:

  1. Audience:
    https://YOUR_BOARD.nolt.io
    This URL should match the Audience URI in Nolt SAML configuration.
  2. Recipient:
    https://YOUR_BOARD.nolt.io/sso/saml
  3. ACS (Consumer) URL Validator:
    ^https:\/\/YOUR_BOARD\.nolt\.io\/sso\/saml$
  4. ACS (Consumer) URL:
    https://YOUR_BOARD.nolt.io/sso/saml

    Other fields are optional. The configuration should look similar to the screenshot (OneLogin SAML configuration).
  5. SAML signature element:
    Select Assertion as the SAML signature element.
  6. Parameters
    Navigate to the Parameters tab (in the left panel). To add a parameter, click the + (Add) symbol.
    The parameters below are mandatory and must use exactly the field names shown (case-sensitive).
    • id
      Check the Include in SAML assertion flag and click save. The value should be a unique descriptor for the user (it can be a UUID, an email or any other field).
    • name
      Check the Include in SAML assertion flag and click save. Set the value to Name.
    • email
      Check the Include in SAML assertion flag and click save. Set the value to Email.
    • noltUserRole (Optional)
      If you wish to pass the role for the user, you can set this field. The value field can be set to the field that describes the role for the user. Note: Role can be one of ADMIN/MODERATOR (case-sensitive).
    • Custom Attributes (Optional)
      You can set custom attributes that will be shown in the user profile. You can use any field name and field value for custom attributes.
  7. SAML Signature Algorithm
    Navigate to the SSO tab (in the left panel) and set the SAML Signature Algorithm to SHA-256.
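
Why the ACS (Consumer) URL Validator above is anchored with ^ and $ and escapes its dots, shown as an added example (not Nolt's or OneLogin's code): it builds the validator for a board and compares it with an unanchored, unescaped pattern over a few candidate URLs. Python's re module stands in for OneLogin's matcher, which is an assumption; the board name acme and the candidate URLs are constructed.

```python
import re

# Assumed board-name format: letters, digits and hyphens.
BOARD = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", re.IGNORECASE)


def acs_validator(board):
    """Return the anchored, dot-escaped validator for a board's ACS URL."""
    if not BOARD.fullmatch(board):
        raise ValueError("unexpected board name: %r" % board)
    acs_url = "https://%s.nolt.io/sso/saml" % board
    return "^" + acs_url.replace(".", r"\.").replace("/", r"\/") + "$"


def compare(board, candidates):
    """Map each URL to (accepted by strict validator, accepted by weak pattern)."""
    strict = re.compile(acs_validator(board))
    # Weak variant for contrast: no anchors, and '.' matches any character.
    weak = re.compile("https://%s.nolt.io/sso/saml" % board)
    return {
        url: (bool(strict.fullmatch(url)), bool(weak.search(url)))
        for url in candidates
    }


# Constructed candidate ACS URLs; example.net is a reserved documentation domain.
CANDIDATES = [
    "https://acme.nolt.io/sso/saml",                           # the real ACS URL
    "http://acme.nolt.io/sso/saml",                            # wrong scheme
    "https://acme.nolt.io/sso/saml/extra",                     # trailing path
    "https://acme.nolt.io.example.net/sso/saml",               # different host
    "https://acmeXnolt.io/sso/saml",                           # '.' as wildcard
    "https://example.net/?next=https://acme.nolt.io/sso/saml", # embedded URL
]

if __name__ == "__main__":
    print(acs_validator("acme"))
    for url, (strict_ok, weak_ok) in compare("acme", CANDIDATES).items():
        print("strict=%-5s weak=%-5s %s" % (strict_ok, weak_ok, url))
```

Only the exact ACS URL passes the strict validator, while the weak pattern also accepts the trailing-path, wildcard-dot and embedded-URL candidates.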

3. Integrating in Nolt

Navigate to your board → Integrations → SAML 2.0. Set up all the required fields to activate the integration.

Note: The configuration data is available in the SSO tab of OneLogin (OneLogin administrator → Applications → Nolt → SSO).

  1. IDP entity ID (Issuer URL):
    Copy the Issuer URL.
  2. SP Entity ID (Audience URI):
    https://YOUR_BOARD.nolt.io
  3. X509 Certificate:
    To get the certificate, click on view details and copy it.
  4. Remote Login URL:
    Copy the SAML 2.0 Endpoint (HTTP).
  5. Remote logout URL (optional)
    Add a Remote logout URL if you want to redirect users to a specific URL after they log out from their Nolt account.
  6. User role structure (optional)
    If you pass the Nolt user role in a parameter other than noltUserRole, you need to set this field. If you have set up the parameter statement in OneLogin as follows (screenshot: Nolt user role), then the structure should be:
    userRole
  7. Custom Attributes (optional)
    If you have set any custom attributes in the parameters, you need to set this field. If you have set up the parameters as follows (screenshot: Custom attributes), then the structure should be:
    {"Department":"userDepartment","Title":"title"}
  8. Click Test and activate:
    This should activate the SSO. To test the SSO, try logging in as a new user.

Need help?

Please feel free to reach out at hello@nolt.io for any help regarding SSO.
