| description |
|---|
OneLogin SSO for Forest Admin |
{% hint style="info" %} You must have one project in your organization with the plan Forest Admin Pro plan to access this feature. {% endhint %}
- In your OneLogin admin dashboard, click Add app
- Select SAML Custom Connector (Advanced) and follow the wizard.
- In the Configuration section, enter all required parameters as shown in the tab bellow.
- Navigate to SSO section, and copy the
Issuer URLhead to Forest Admin, select XML file upload or XML file endpoint and paste theIssuer URLto the Metadata XML endpoint. - You can perform some tests before enabling it for your whole company..
| Setting | Description | Value |
|---|---|---|
| ACS URL* | Assertion Consumer Service URL is responsible for receiving the SAML response | https://api.forestadmin.com/api/saml/callback |
| ACS Consumer) URL Validator* | URL Validator | ^https://(api|app).development.forestadmin.com/.*$ |
| Logout URL | Redirected to this location after logout | https://app.forestadmin.com/login |
| SAML nameID format | Should be the email address used on Forest Admin accounts | Select Email |
| Audience (EntityID) | A globally unique name | forestadmin-OrganizationName |
| (Optional) RelayState | Only useful for IDP-initiated login | {"organizationName": "<OrganizationName>", "destinationUrl": "organization.projects"} |
You can find more info on IDP-initiated login here
.png)
Check the steps below this if you encounter an issue:
- Double check all information (endpoints, certificate expiration dates, etc..)
- Make sure the
nameIDconfigured on your Identity Provider is the email address used on Forest Admin accounts