This document describes how to integrate Microsoft Entra as a Trusted IdP (TIDP) for OneLogin, so that OneLogin users can access the OneLogin application with their Entra ID credentials.
Log in to the OneLogin Administration Portal to begin integrating with Entra ID.
We need to create the TIDP in our OneLogin portal by navigating to Authentication → Trusted IdPs.
When creating a new Trust in Trusted IdPs, you will find the SP Entity ID under the SAML Configurations section. Make sure to store this value, as it will be needed later.
Now we need to log in to the Microsoft Entra portal. Use an account that has the Application Administrator role, as only users with this role can create and manage a SAML application in Entra.
Under the Entra ID section, go to Enterprise applications. To create a non-gallery SAML SSO (Single Sign-On) application, click on New application.
Inside the New Application window, click on Create your own application. You will be prompted to enter a name for your application and choose an option. Select Integrate any other application you don’t find in the gallery (Non-gallery) and click on Create.
You will be redirected to the overview page of the application you just created. Under the Manage section, click on Single sign-on. Choose the SAML option.
When you enter the SAML configuration page, set the following:
– Identifier (Entity ID): Paste the value you previously copied from OneLogin during the creation of the Trusted IdP.
– Reply URL: Enter the following URL: `https://subdomain.onelogin.com/access/idp`
Replace subdomain with the domain name of your OneLogin instance.
After entering the details, go to the SAML Certificates section. Download the certificate in Base64 format.
Scroll down to the Set up OneLogin Connector section. Here, you will find:
– The Login URL
– The Microsoft Entra Identifier
Make sure to note them down for later use.
Return to the OneLogin Trusted IdPs portal. Paste the certificate (Base64 format) you downloaded from the Microsoft Entra portal into the certificate field.
In OneLogin’s SAML Configuration section, paste the Login URL copied from Microsoft Entra.
In the Configurations section, paste the Microsoft Entra Identifier into the Issuer field. Check the box Sign users into OneLogin and leave other options unchecked.
Enable the Trusted IdP option to allow OneLogin to use Microsoft Entra for authentication.
As the final step, go to the Login options and check Show in login panel. This will allow users to log in with Microsoft Entra on the OneLogin sign-in page.
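The procedure above moves four values and a certificate between the two portals by copy and paste, so a pre-flight check before enabling the trust catches the common slips. The script below is an added example, not part of the original guide or of OneLogin's or Microsoft's tooling. Its function names and sample values are constructed, and it assumes the Base64 download carries BEGIN/END CERTIFICATE lines.

```python
import hashlib
import ssl
from urllib.parse import urlsplit

def check_trust_settings(sp_entity_id, reply_url, login_url, issuer, cert_pem):
    """Return a list of problems in the values exchanged between the two portals."""
    problems = []
    reply = urlsplit(reply_url)
    host = reply.hostname or ""
    if reply.scheme != "https":
        problems.append("Reply URL must use https")
    if host.startswith("subdomain."):
        problems.append("Reply URL still contains the 'subdomain' placeholder")
    elif not host.endswith(".onelogin.com"):
        problems.append("Reply URL host must be <your-subdomain>.onelogin.com")
    if reply.path != "/access/idp" or reply.query or reply.fragment:
        problems.append("Reply URL path must be exactly /access/idp")
    login = urlsplit(login_url)
    if login.scheme != "https" or not login.hostname:
        problems.append("Login URL must be an absolute https URL")
    for name, value in (("SP Entity ID", sp_entity_id), ("Issuer", issuer)):
        if not value or value != value.strip():
            problems.append(f"{name} is empty or has stray whitespace")
    try:
        der = ssl.PEM_cert_to_DER_cert(cert_pem.strip())
    except ValueError:  # missing BEGIN/END lines or invalid Base64
        problems.append("Certificate is not a Base64 (PEM) certificate")
    else:
        if der[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
            problems.append("Certificate body does not decode to DER")
    return problems

def cert_sha256(cert_pem):
    """SHA-256 of the decoded certificate, to confirm the pasted copy matches the download."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(cert_pem.strip())).hexdigest().upper()

# Constructed sample values (placeholders, not a real tenant or certificate).
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(64))
SAMPLE = {
    "sp_entity_id": "https://example.onelogin.com/placeholder-sp-entity-id",
    "reply_url": "https://example.onelogin.com/access/idp",
    "login_url": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2",
    "issuer": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "cert_pem": ssl.DER_cert_to_PEM_cert(SAMPLE_DER),
}

if __name__ == "__main__":
    print(check_trust_settings(**SAMPLE) or "no problems found")
    print("certificate SHA-256:", cert_sha256(SAMPLE["cert_pem"]))
```

The certificate check only confirms the PEM wrapper and Base64 body; it does not parse the X.509 fields or check expiry.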