This guide will take you through the steps for configuring OneLogin as the SAML IDP for HyperComply, allowing your users to authenticate into HyperComply within OneLogin instead of the usual email/password combination.
What to expect:
- First we’ll log into HyperComply and copy a value we’ll need for the OneLogin configuration.
- Next we’ll create the HyperComply OneLogin “Application” and configure it for HyperComply SAML.
- Finally we’ll copy some values from our new OneLogin Application into HyperComply so HyperComply can securely validate SAML assertions from OneLogin.
HyperComply Configuration
- Navigate to https://app.hypercomply.com/settings/saml_config
- Copy the value of the “SAML ACS Endpoint” at the bottom of the screen.
- Keep this tab open and complete the steps below, you will need to enter some values from OneLogin on this screen at the end of this process.
OneLogin Application Creation
- Log in to your OneLogin Admin Portal.
- Navigate to Applications and click the “Add App” button.
-
Search for “SAML Custom Connector (Advanced)” and click the “SAML Custom Connector (Advanced)” application.
- Name the new application according to your normal naming convention (HyperComply is best practice).
- Click “Save”.
-
Navigate to the “Configuration” tab
-
Enter the “SAML ACS Endpoint” copied from your HyperComply settings into the following fields:
- Audience (EntityID)
- Recipient
- ACS (Consumer) URL
-
For the field “ACS (Consumer) URL Validator”, enter for the following text:
- ^https:\/\/questionnaire-storage.hypercomply.com\/*
- Click “Save”
- Your Configuration tab should look something like similar to this (with your url values filled in):
-
Enter the “SAML ACS Endpoint” copied from your HyperComply settings into the following fields:
- Navigate to the “Parameters” tab.
-
Ensure parameters looks like this, otherwise create an missing parameters (this depends on your global OneLogin configuration):
-
Ensure parameters looks like this, otherwise create an missing parameters (this depends on your global OneLogin configuration):
- Navigate to the “SSO” tab.
Note: this section requires copying values from OneLogin into the HyperComply SAML configuration form opened in the “HyperComply Configuration” section above. If you don’t have the tab open anymore, return to the form here: https://app.hypercomply.com/settings/saml_config.
-
In OneLogin: Under X.509 Certificate, click “View Details”
-
Click the copy button next to the “X.509 Certificate” fields
- In HyperComply: Paste the value into the form field “IDP Certificate”.
- In OneLogin: click the “Certificates” link at the top to return to the application settings page. Make sure you’re back on the “SSO” tab.
-
Click the copy button next to the “X.509 Certificate” fields
-
In OneLogin: Click the copy button next to the “Issuer URL” field.
- In HyperComply: paste this into the “IDP Entity ID” field.
-
In OneLogin: Click the copy button next to the “SAML 2.0 Endpoint (HTTP) field.
- In HyperComply: paste this into the “IDP Endpoint URL” field.
- In HyperComply: Check the “Enable SAML” box and click “Save”.
At this point you have completed connecting your OneLogin SAML IDP to HyperComply, now allowing users to log into HyperComply from OneLogin. Any user that logs into HyperComply via OneLogin will have an account created for them (if they don’t already have an account). Allowing OneLogin users to log into HyperComply can be done by adding users to the HyperComply “Application” you created above in OneLogin.
If you have any further questions or troubles regarding your setup, submit a request to our team here.