Comment on page
OneLogin
Testmo can be integrated with OneLogin via SAML so users can login to Testmo with their OneLogin account. Testmo supports configuring multiple login methods, so you can integrate different identity providers (as well as internal Testmo logins) at the same time. This guide explains how to configure the integration in Testmo and OneLogin.
Testmo Enterprise feature
Single sign-on integration is a Testmo Enterprise-only feature. To use the OneLogin SAML integration, please ensure that you are using Testmo Enterprise. If you are unsure about your subscription (or want to try the integration with a trial), please contact us.
To configure the integration between both tools, you need to configure it both in Testmo and in OneLogin. The Testmo and OneLogin integration uses SAML as the authentication protocol.
We start by configuring the integration in OneLogin. Go to OneLogin's admin area and then select Applications. From there, select Add App:
- Search for SAML Custom Connector
- Click SAML Custom Connector (Advanced) by OneLogin
- Under the Portal settings, Display Name: Enter Testmo
- Click Save
Then, from the left sidebar, select:
- Configuration:
- ACS (Consumer) URL Validator:
^https:\/\/[a-zA-Z0-9]+\.testmo.(com|net|io|eu)\/auth\/saml\/login\/[0-9]+$- ACS (Consumer) URL: Leave empty
- Login URL: Address of your Testmo instance
- SAML initiator: Select Service Provider
- Parameters: Add three parameters here:
- ID parameter:
- Field name:
id(important: all lower case) - Include in SAML assertion: Yes, check
- Value: Select Internal ID
- Name parameter:
- Field name:
name(important: all lower case) - Include in SAML assertion: Yes, check
- Value: Select Name
- Email parameter:
- Field name:
email(important: all lower case) - Include in SAML assertion: Yes, check
- Value: Select Email
Then save the settings by clicking the Save button in the top right corner. From the SSO page (from the left sidebar), you will need to copy the following settings to configure the integration in Testmo next (see below):
- X.509 Certificate: Click View Details and copy the X.509 Certificate text block
- Issuer URL: This will be the SAML entity ID in Testmo
- SAML 2.0 Endpoint (HTTP): This will be the SAML single sign-on URL in Testmo
We continue with the configuration in Testmo. In Testmo, go to Admin > Authentication. In the External section, click + Login method. Then enter these details in the Add login method dialog:
- Name: The name of the login method. This is the name displayed on the login page to choose a login method for users. You could call it OneLogin, for example.
- Provider: Select OneLogin (SAML)
- SAML entity ID: Copy the above Issuer URL from OneLogin here
- SAML single sign-on URL: Copy the above SAML 2.0 Endpoint (HTTP) from OneLogin here
- SAML public certificate (X509): Copy the above X.509 Certificate from OneLogin here
- SAML claims
- ID claim: Leave default value of
id - Name claim: Leave default value of
name - Email claim: Leave default value of
email
Restricting OneLogin to certain user groups
Testmo supports restricting specific login methods to certain user groups. For example, you can configure one login method to support only a specific user group, while another login method can be used by all users etc. Learn more about authentication login rules.
Auto-provisioning new users
You can optionally also auto-provision new users. So if a user logs in for the first time and you enable auto-provisioning, Testmo automatically creates a Testmo account for the user. Learn more about auto-provisioning.
When multiple login methods are configured in Testmo, users can choose a login method from Testmo's login page. The internal Testmo login is also always available. Depending on the authentication login rules you configure, some login methods might only be allowed for certain user groups.
The internal Testmo login method is always enabled at least for Testmo admin users. This way admin users can always log in to Testmo, even if an external authentication system is having issues.
Example login page with multiple login methods configured
You can disable the OneLogin integration at any time. To do so, we recommend disabling or removing the integration both in Testmo and in OneLogin:
- In Testmo, go to Admin > Authentication and either disable or remove the login method. Make sure that another login method is configured for the users who previously logged in with OneLogin and notify the users about the change.
- In OneLogin, delete the configured Testmo application.
Last modified 1yr ago