Step 1: Get your ACS URL from Plecto
ACS URL stands for Assertion Consumer Service URL and is also referred to as the service provider sign-in URL or recipient URL. You will need to use this URL when configuring OneLogin in step 2.
Go to Settings.
Click the Enable SSO checkbox.
Copy the URL from the ACS URL field.
Proceed to OneLogin and Step 2.
Step 2: Configure OneLogin
Go to onelogin.com/admin > Applications > Add app.
Search for "SAML."
Choose SAML Test Connector (Advanced) OneLogin, Inc. and add it.
Go to Configuration and create the following setup:
Recipient | https://app.plecto.com/auth/sso/<UUID>/saml/ |
ACS (Consumer) URL Validator | .* |
ACS (Consumer) URL | https://app.plecto.com/auth/sso/<UUID>/saml/ |
Login URL | https://app.plecto.com/auth/sso/<UUID>/saml/ |
SAML nameID format | |
NameID Policy | Transient |
SAML signature element | Both (Assertion and Response) |
Go to Parameters and create the following setup:
Login | Include SAML assertion | |
First Name | First Name | Include SAML assertion |
Last Name | Last Name | Include SAML assertion |
Save and move to Step 3.
Step 3: Configure Plecto
Go to Settings.
Make sure the Enable SSO option is checked.
Choose With metadata file.
SAML metadata URL: Use the Issuer URL from OneLogin. You can find it in OneLogin > SSO > Issuer URL, and it should look like the following: https://app.onelogin.com/saml/metadata/0d85...
Allow SAML provisioning: If enabled, employees with access to SSO will automatically be created when trying to log in to Plecto.
Click Save to finish.