This article will walk you through how to configure Braze to use OneLogin for single sign-on.
OneLogin is a cloud identity platform that provides a comprehensive solution for managing user identities. OneLogin integrates with cloud and on-premise applications using SAML 2.0, for Single Sign-On (SSO), user provisioning, multi-factor authentication, and more.
Upon setup, you will be asked to provide a Sign-On URL and an Assertion Consumer Service (ACS) URL.
|Braze Domain||You will need your Braze domain to set up Braze within OneLogin. If your instance is
For example, if your dashboard URL is
Service Provider (SP) Initiated Login within OneLogin
Step 1: Configure the Braze App
- Log into OneLogin. Click on
- Go to
Add Appsin the top navigation bar. Search for
Brazeand select the Braze app.
- Save the Braze app to your Company.
- Once saved, go to
Configurationand add your
- Braze expects the SAML assertions in a specific format. Under
Parametersthe attributes supported by Braze should be pre-populated. Simply verify that this is correct.
- Copy the
SAML 2.0 Endpoint (HTTP)needed to set up the Braze dashboard from under the
Step 2: Configure OneLogin within Braze
Once you have set up Braze within your OneLogin, they will provide a Target URL (
SAML 2.0 Endpoint (HTTP)) and
x.509 certificate which you will input into your Braze account.
After your Account Manager has enabled SAML SSO for your account, go to
Company Settings >
Security Settings and toggle the SAML SSO section to
On this page, you, input:
||This will appear as the button text on the login screen. This is typically your IdP name, like “OneLogin”.|
||This is the
Create and Enable a Braze API Key for IdP Login (Optional)
To enable IdP initiated login, you will first need to create an API Key in
Developer Console >
Input the generated API Key as the
RelayState parameter within OneLogin under
Configuration, which will be used to identify which company the user is trying to log into.
If you want your Braze account users to only sign in with SAML SSO, you can restrict single sign-on authentication from the
Company Settings page.