
OneLogin SAML

Learn how to set up single sign-on with the OneLogin app.

Written by Ilya Krukowski
Updated over a week ago

This feature is available only on the Enterprise plan and can be purchased as an add-on on the Pro plan.

In this article you'll learn how to set up single sign-on with Lokalise and OneLogin.

Here's a short video that can help you get started:

Part 1: Configuration on Lokalise

To get started, log into Lokalise, click on the avatar in the bottom left corner and choose Team settings:

Accessing team settings

Then, proceed to the Advanced security tab and tick the Enable SSO field:

Enabling SSO on Lokalise

  • Team's domain: Enter your full OneLogin domain (e.g., yourcompany.onelogin.com).

  • SAML 2.0 Endpoint (HTTP): Copy the SAML 2.0 Endpoint (HTTP) from the OneLogin SSO tab. Example: https://stvsk-dev.onelogin.com/trust/saml2/http-post/sso/cc9f5af6-4f2d-4fcf-b553-a337912de486.

  • Identity Provider Issuer: Use the Issuer URL from the same SSO tab. Example: https://app.onelogin.com/saml/metadata/cc9f5af6-4f2d-4fcf-b553-a337912de486.

  • Public Certificate: Copy the certificate from the OneLogin SAML app’s SSO tab.
    It must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  • Sign AuthnRequest: Typically not required. If needed, enable the option, copy the certificate from Lokalise’s Service Provider Public Certificate field into a .crt file, and import it into the required service.

Reconfiguring the same SSO domain for another team

If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:

  1. Empty all fields within the Single sign-on (SSO) section of the Advanced security tab.

  2. Uncheck the Enable SSO setting.

  3. Click on Save.

  4. Proceed with configuring SSO for the other Lokalise team.


Part 2: Configuration on OneLogin

Step 1: Adding a OneLogin app

  1. Log in to your OneLogin admin portal.

  2. Navigate to Applications and click Add App.

  3. Search for SAML Custom Connector (Advanced) and select it.

Step 2: Info tab

View info tab

  • Only the Display Name field is required.

  • All other fields can be left at their default values.

Step 3: Configuration tab

View configuration tab

  • RelayState — set to https://app.lokalise.com.

  • Audience (EntityID) — set to https://lokalise.com.

  • ACS (Consumer) URL Validator — enter the ACS URL Preview from Lokalise in regex format.


    Tip: Use the Regex Generator to produce a proper expression. Be sure to include the ^ and $ anchors.

  • ACS (Consumer) URL — enter the ACS URL Preview value from Lokalise, for example https://app.lokalise.com/sso/stvsk-dev.onelogin.com/acs.

  • SAML nameID format — set to Persistent.
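The ACS (Consumer) URL Validator tip above calls for the ^ and $ anchors. The following added example (not part of the original article and not Lokalise or OneLogin code) builds an escaped, anchored pattern from the ACS URL shown above and audits candidate patterns against it. The function names and the lookalike URLs are constructed for illustration, and it assumes the validator searches for a match anywhere in the URL.

```python
import re

# Characters with special meaning in a regex outside a character class.
_META = re.compile(r"([.^$*+?()\[\]{}|\\])")

ACS_URL = "https://app.lokalise.com/sso/stvsk-dev.onelogin.com/acs"  # from the page

# Constructed URLs that must NOT pass the validator.
LOOKALIKES = [
    "https://app.lokalise.com/sso/stvsk-dev.onelogin.com/acs.example.net/",
    "https://example.net/?next=https://app.lokalise.com/sso/stvsk-dev.onelogin.com/acs",
    "https://appXlokalise.com/sso/stvsk-dev.onelogin.com/acs",
]


def acs_validator_regex(acs_url: str) -> str:
    """Escape the URL literally and anchor it at both ends."""
    return "^" + _META.sub(r"\\\1", acs_url) + "$"


def audit_validator(pattern: str, acs_url: str, lookalikes: list[str]) -> list[str]:
    """Return the problems found in a candidate validator pattern."""
    problems = []
    if not (pattern.startswith("^") and pattern.endswith("$")):
        problems.append("pattern is not anchored with ^ and $")
    rx = re.compile(pattern)
    # Assumption: the validator looks for a match anywhere in the URL.
    if not rx.search(acs_url):
        problems.append("pattern rejects the real ACS URL")
    for url in lookalikes:
        if rx.search(url):
            problems.append(f"pattern accepts unintended URL: {url}")
    return problems


if __name__ == "__main__":
    candidates = {
        "raw URL pasted as-is": ACS_URL,
        "anchored, dots unescaped": "^" + ACS_URL + "$",
        "escaped and anchored": acs_validator_regex(ACS_URL),
    }
    for label, pattern in candidates.items():
        print(f"{label}: {pattern}")
        for problem in audit_validator(pattern, ACS_URL, LOOKALIKES) or ["ok"]:
            print(f"  - {problem}")
```

Anchoring alone still leaves the unescaped dots as wildcards, which is why the second candidate accepts the third lookalike URL.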

Step 4: Parameters tab

View parameters tab

Define the following attributes:

| App Attribute         | OneLogin Field                |
|-----------------------|-------------------------------|
| NameID                | Unique ID (e.g., OneLogin ID) |
| User.Email            | Email                         |
| first_name (optional) | First Name                    |
| last_name (optional)  | Last Name                     |

  • NameID value — must be unique and pseudo-random, and must not change for the user over time (a OneLogin ID, for example).

  • User.Email — Email

  • first_name (optional) — First Name

  • last_name (optional) — Last Name

Attributes are case-sensitive.

Any unmapped fields will be ignored by Lokalise.

Also note that for each added attribute you have to enable the Include in SAML assertion option:

Step 5: SSO tab

View SSO tab

This tab provides the values you’ll need to complete the setup in Lokalise:

  • X.509 Certificate: Click View Details to access and copy the certificate.

  • Issuer URL and SAML 2.0 Endpoint (HTTP) are also located here.

  • No changes are required on this tab. The SAML Signature Algorithm can remain as-is.

To get the certificate, click View Details and copy it from the next screen:

Getting certificate

Step 6: Users tab

View users tab

This tab shows users who have the SAML app assigned.

Add users to SAML app in OneLogin

You can assign apps on the Users page (https://company.onelogin.com/users):

You can also create a Role at https://company.onelogin.com/roles with your SAML app added, and assign users to that role:


Logging in with SSO

Once setup is complete, go to https://app.lokalise.com/sso and enter the user’s email address associated with your OneLogin domain. On first login, Lokalise will prompt the user to confirm their email address before access is granted.

View confirmation email
