In this article we will outline setting up Onelogin as a SAML Identity Provider so that we can utilize Telnyx's Single Sign-On feature. The Onelogin platform is an identity management system that uses single sign-on (SSO) and a cloud directory to enable organizations to manage user access to on-premises and cloud applications. It is one of the many SAML providers that Telnyx supports for our SSO feature.
NOTE: If you experience technical difficulties while attempting to set up your Onelogin SSO with Telnyx, its possible your provider is experiencing outages/maintenance. You can check the status of Onelogin's features at https://www.onelogin.com/status.
To begin, you will need to log into your Onelogin admin panel which can be found here. On the navbar, click the Applications drop-down and select Applications. Click on the blue Add App button in the top right corner.
On the Find Applications page, search for "saml test" and select the "SAML Test
Connector (Advanced)" option from Onelogin Inc.
On the following page, enter your desired Display Name and click the blue Save button in the top right corner.
After you have saved your changes, click the SSO tab from the left-hand side menu.
From the SSO page, copy the "Issuer URL" link. This link should resemble the following example: https://app.onelogin.com/saml/metadata/<onelogin-idp-id>
Next, navigate to your Organization section of the Telnyx Mission Control Portal and create an Organization if you have not already. Once created, navigate to the Single Sign-On section of the portal and click the green Enable Single Sign-On button.
You will be presented with the following fields:
Authentication Provider Name & Short Name: You can fill these with any values you desire, though please note that the Short Name will be part of the SSO URLs.
IdP Metadata URL: We will paste the Issuer URL we grabbed in the previous step here.
Once the information is entered correctly, click Import IdP Settings & Save.
Once settings have been saved, you'll be shown all of the authentication provider settings which will be filled in automatically.
Scroll down to the “Authentication Provider Generated Config” section and take note of the values for Assertion Consumer Service URL and Service Provider Entity ID.
Navigating back to the Onelogin admin portal now, click on the Configuration tab to the left and fill in the relevant information we just took note of above.
Use the value generated for Service Provider Entity ID on the Telnyx Mission Control Portal and paste it in the field Audience (EntityID).
Use the value generated for Assertion Consumer Service URL on the Telnyx Mission Control Portal and paste it in the fields Recipient, and ACS (Consumer) URL*.
For the ACS (Consumer) URL Validator* you must fill in the ACS URL escaped in a regular expression format: https:\/\/api\.telnyx\.com\/sso\/saml\/auth\/telnyxtest
For the Login URL enter the following url: https://api.telnyx.com/sso/saml/login/YOUR_SHORT_NAME
Make sure you select "Email" for the “SAML nameID format”.
Once all of your configuration settings have been entered successfully, click the blue Save button in the top right-hand corner of the page.
When you are ready to enable SSO with your provided configuration, click the Enable Single Sign-On checkbox on the Telnyx Mission Control Portal and hit Save Changes.
Your chosen settings are now in effect! This will send all users in your organization an email informing them that SSO is now enabled. Your users will still be able to login using username/password for the next 72 hours. After that, they will be required to use SSO.