OneLogin
OneLogin is a cloud identity platform that provides a comprehensive solution for managing user identities. OneLogin integrates with cloud and on-premise applications using SAML 2.0, for Single Sign-On (SSO), user provisioning, multi-factor authentication, and more.
Requirements
Upon setup, you will be asked to provide a Sign-On URL and an Assertion Consumer Service (ACS) URL.
Requirement | Details |
---|---|
Braze Domain | You will need your Braze domain to setup Braze within OneLogin. If your instance is US-01 , you will need to input your dashboard URL into the OneLogin dashboard. For example, if your dashboard URL is https://dashboard-01.braze.com , you need to input dashboard-01.braze.com . |
Service Provider (SP) Initiated Login within OneLogin
Step 1: Configure the Braze App
- Log into OneLogin. Click on
Administration
. - Go to
Apps
>Add Apps
in the top navigation bar. Search forBraze
and select the Braze app. - Save the Braze app to your Company.
- Once saved, go to
Configuration
and add yourBraze Domain
. - Braze expects the SAML assertions in a specific format. Under
Parameters
the attributes supported by Braze should be pre-populated. Simply verify that this is correct. - Copy the
Certificate
andSAML 2.0 Endpoint (HTTP)
needed to set up the Braze dashboard from under theSSO
tab.
Step 2: Configure OneLogin within Braze
Once you have setup Braze within your OneLogin, they will provide a Target URL (SAML 2.0 Endpoint (HTTP)
) and x.509
certificate which you will input into your Braze account.
After your Account Manager has enabled SAML SSO for your account, go to Company Settings
> Security Settings
and toggle the SAML SSO section to ON
.
On this page, you, input:
Requirement | Details |
---|---|
SAML Name |
This will appear as the button text on the login screen. This is typically your IdP name, like “OneLogin”. |
Target URL |
This is the SAML 2.0 Endpoint (HTTP) URL provided by OneLogin. |
Certificate |
The x.509 PEM encoded certificate is provided by your OneLogin. |
Create and Enable a Braze API Key for IdP Login (Optional)
To enable IdP initiated login, you will first need to create an API Key in Developer Console
> API Settings
.
Input the generated API Key as the RelayState
parameter within OneLogin under Configuration
, which will be used to identify which company the user is trying to log into.
If you want your Braze account users to only sign in with SAML SSO, you can restrict single sign-on authentication from the Company Settings
page.