To integrate OneLogin SSO for Atlan, complete the following steps.
Choose SSO provider (in Atlan)
To choose OneLogin as your SSO provider, within Atlan:
- From the left menu on any screen, navigate to Admin.
- Under the Workspace heading, click SSO.
- Under Choose SAML provider, select OneLogin and then click Configure.
- Under Service provider metadata, copy the Audience (EntityID), Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL.
Set up SAML application (in OneLogin)
To set up a SAML application, within OneLogin admin console:
- From the menu along the top, navigate to Applications and then click on Applications.
- In the upper right, click the Add App button.
- In the search box, enter saml custom and then click SAML Custom Connector (Advanced).
- Under Display Name, enter a name for your app, such as Atlan, and then click the Save button.
- Change to the Configuration tab and under Application details enter your Atlan SAML settings:
  - For Audience (EntityID) enter the value you copied from Atlan above.
  - For Recipient enter the value you copied from Atlan above.
  - For ACS (Consumer) URL Validator enter the value you copied from Atlan above.
  - For ACS (Consumer) URL enter the value you copied from Atlan above.
  - For Login URL enter the same value used for the fields above.
- Change to the SSO tab and change the following:
  - For SAML Signature Algorithm set SHA-512.
  - Under Login Hint ensure Enable login hint is checked.
- Change to the Parameters tab and use the circular + icon to add mappings for the following:
  - email -> Email
  - firstName -> First Name
  - lastName -> Last Name
- In the upper right, click the Save button.
Download OneLogin's metadata file (in OneLogin)
To download the metadata file for the application, within OneLogin:
- From the application page, in the upper right navigate to More Actions and click SAML Metadata.
(Optional) Map groups to the app (in OneLogin)
To map OneLogin groups to the app, within the OneLogin application:
- In the top left, click the Users tab, and from the dropdown, select Mappings.
- Under Mappings, click New Mapping to create a new group mapping for Atlan.
- In the New Mapping dialog, enter the following details:
  - For Name, enter a meaningful name for your group mapping, for example, SSOGroupA.
  - Under Conditions, click the + button and enter the following details:
    - From the attributes dropdown, select Group to map all your OneLogin groups to Atlan.
    - From the operators dropdown, select is.
    - From the values dropdown, select the group name.
  - Under Actions, enter the following details:
    - From the Set role dropdown, select Set memberOf. This is required if you want to retain group membership in Atlan.
    - From the Set memberOf to dropdown, enter the group name.
  - Click Save to confirm your selections.
- Under Mappings, click New Mapping to create a mapping that removes any group mappings if none are selected.
- In the New Mapping dialog, enter the following details:
  - For Name, enter a meaningful name for your group mapping, for example, clearMemberOf.
  - Under Conditions, click the + button and enter the following details:
    - From the attributes dropdown, select Group.
    - From the operators dropdown, select is.
    - From the values dropdown, keep the default selection None.
  - Under Actions, enter the following details:
    - From the Set role dropdown, select Set memberOf.
    - For the Set memberOf to dropdown, leave the field blank.
  - Click Save to confirm your selections.
- Under Mappings, click the Reapply All Mappings tab, and in the corresponding screen, click Continue to confirm.
- In the top left, click the Applications tab, and from the dropdown, click Applications.
- Under Applications, select your SAML application.
- From the left menu of SAML Custom Connector (Advanced), click Parameters.
- In the upper right of the parameters page, click the + button to add a new parameter.
- In the New Field dialog, enter the following details:
  - For Field name, enter memberOf.
  - For Flags, check the Include in SAML assertion box.
  - Click Save to proceed to the next step.
  - In the corresponding Edit Field memberOf dialog, from the Value dropdown, select MemberOf.
  - Click Save to confirm your selections.
If any of your OneLogin users do not belong to any groups, you can either add them to an existing group or create a new one. Once you have configured group mapping in Atlan, they will be able to log in to Atlan and will be assigned the same permissions as their OneLogin group.
Upload OneLogin's metadata file (in Atlan)
To complete the configuration of OneLogin SSO, within Atlan:
- From the left menu on any screen, navigate to Admin.
- Under the Workspace heading, click SSO.
- Under Choose SAML provider, select OneLogin and then click Configure.
- To the right of Identity provider metadata click the Import from XML button.
- Select the onelogin_metadata_1234567.xml file downloaded from OneLogin above.
- At the bottom of the screen, click Save.
Congratulations — you have successfully set up OneLogin SSO in Atlan! 🎉
(Optional) Configure group mappings
memberOf attribute and group mapping to retain group membership in Atlan.
To automatically assign OneLogin users to Atlan groups based on their OneLogin groups, within Atlan:
- From the left menu on any screen, navigate to Admin.
- Under the Workspace heading, click SSO.
- Change to the Groups Mapping tab.
- To the right of each Atlan group listed:
  - Under the SSO Groups column, type the name of the corresponding group in OneLogin to map to the Atlan group on that row, for example, Data Engineering, Business Analysts, and so on. You will need to provide each OneLogin group with access to Atlan.
  - Click the Save button on that row.
As each user signs up to Atlan, they will be automatically assigned groups in Atlan based on these mappings! 🎉
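
To confirm after a test login that the OneLogin settings above took effect, the following added example (not Atlan or OneLogin code) inspects a base64-decoded SAML response for the SHA-512 signature algorithm, the Audience and Recipient values copied from Atlan, and the email, firstName, lastName and memberOf parameters. The URLs, the sample user and all function names are constructed placeholders, and the script checks configuration only, without verifying the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed placeholders: use the values copied from Atlan's Service provider metadata.
AUDIENCE = "https://tenant.example/saml/entity"
RECIPIENT = "https://tenant.example/saml/acs"
SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

def check_response(xml_text, audience, recipient, expect_groups=True):
    """Return a list of problems in a decoded SAML response; empty means OK.
    Checks configuration only. It does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    algs = [m.get("Algorithm", "") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    if not algs or not all(a.endswith("sha512") for a in algs):
        problems.append(f"signature algorithm {algs or 'missing'}, expected SHA-512")
    if audience not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        problems.append("Audience differs from Atlan's Audience (EntityID)")
    rcpts = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if recipient not in rcpts:
        problems.append("Recipient differs from Atlan's Recipient")
    attrs = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS) if v.text]
             for a in root.iterfind(".//saml:Attribute", NS)}
    required = ["email", "firstName", "lastName"] + (["memberOf"] if expect_groups else [])
    problems += [f"attribute {n} missing or empty" for n in required if not attrs.get(n)]
    return problems

def sample_response(alg, attrs):
    """Build a constructed sample response (no real signature) for the demo below."""
    stmt = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
                   f'</saml:AttributeValue></saml:Attribute>' for k, v in attrs.items())
    return (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}"><saml:Assertion>'
            f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{alg}"/>'
            f'</ds:SignedInfo></ds:Signature><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{RECIPIENT}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
            f'<saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{stmt}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    user = {"email": "ada@example.com", "firstName": "Ada", "lastName": "L",
            "memberOf": "Data Engineering"}
    print(check_response(sample_response(SHA512, user), AUDIENCE, RECIPIENT))
    print(check_response(sample_response(SHA1, {**user, "memberOf": ""}), AUDIENCE, RECIPIENT))
```

Run it only on responses you captured yourself from your own test login, since the standard-library XML parser is not hardened against hostile input. Pass expect_groups=False if you skipped the optional memberOf mapping.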