---
title: "OneLogin Setup"
slug: "onelogin-setup"
updated: 2022-08-30T16:27:29Z
published: 2022-08-30T16:27:29Z
canonical: "help.nucleussec.com/onelogin-setup"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt
> Use this file to discover all available pages before exploring further.

# OneLogin Setup

This article is intended to get you up and running with OneLogin as your SSO provider with Nucleus.

          Note

          

You will need superadmin access within your OneLogin console to set up the Nucleus app.

## Prerequisites:

You will need to tell your Nucleus support representative that you are setting up SSO. If you are setting up token encryption, inform your Nucleus support representative. They will send you the relevant information to interface with your Nucleus instance, including relevant URLs.

1. Log into your OneLogin console.
2. Click the Administration link in the top right of the screen.

![onelogin-admin.png](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/onelogin-admin.png)

1. Navigate to **Applications > Applications**.

![onelogin-apps.png](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/onelogin-apps.png)

1. Click **Add App**.

![onelogin-add.png](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/onelogin-add.png)

1. Search **saml test** in the search bar.

![onelogin-saml.png](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/onelogin-saml.png)

1. Scroll down the list until you find **SAML Test Connector (Advanced)**.

          Note

          

This should be the first entry in the list

1. Add the following information:

| Option | Description |
| --- | --- |
| Display Name | This should be a descriptive name for the application (e.g. Nucleus) so you know what it is in your list of apps. This is what your employees will see in their OneLogin consoles. |
| Visible in Portal | Generally, you want to make sure this is enabled so that users can see this application in their console. |
| Upload an Icon | You are able to upload a Nucleus logo to be displayed with the name. |

1. Click **Save**.
2. Click the **Configuration** tab in the lefthand navbar
3. Enter the following information into the resulting window:

| Option | Description |
| --- | --- |
| ACS (Consumer) URL Validator | Use the url which was given to you by your Nucleus support representative. |
| ACS (Consumer) URL | Use the url which was given to you by your Nucleus support representative. |
| Login URL | Use the url which was given to you by your Nucleus support representative. |
| (Optional) SAML not valid before | Can use the default settings here, but change based on your organization's policy. |

Leave everything else the same.

Here is an example configuration. (For close up view, right click on the image and select **Open Image in New Tab**):

![onelogin-config.png](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/onelogin-config.png)

1. Click on the **Parameters** tab in the lefthand sidebar
2. Click the + button to add the following parameters.

          IMPORTANT

          

Make sure that "Include in SAML assertion" is checked for all parameters as added.

| Option | Description |
| --- | --- |
| email | Value of Email |
| firstname | Value of First Name |
| lastname | Value of Last Name |
| (Optional) group | This allows Nucleus to see which groups the user belongs to for the app, and allows you to manage all user permissions to Nucleus through OneLogin. |
| (Optional) roles | This allows Nucleus to see which groups the user belongs to for the app, and allows you to manage all user permissions to Nucleus through OneLogin. |

Here is the final result. (For close up view, right click on the image and select Open Image in New Tab):

![onelogin-final.png](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/onelogin-final.png)

1. Click on the **Access Tab** in the lefthand sidebar.
2. Add whichever users and roles you would like to add to the Nucleus SSO application.
3. Click on the **More Actions** dropdown in the top righthand corner of the screen and select **Download SAML metadata**.
4. Save the xml file and Send it to your Nucleus support representative.
5. Click **Save** in the top right corner of the OneLogin browser window
6. Send the SAML metadata to your Nucleus support representative.

After sending over your SAML metadata, your organization should be enabled for SSO within 24 hours. Your Nucleus support representative will have more information for you.

If you are setting up token encryption, confirm the URL provided to you includes the parameter "`?sso=`", which is required for token encryption. If the URL doesn't contain that parameter, reach out to your Nucleus support representative.