3242383 - We are using OneLogin SAML/SSO and want to integrate our SAP Signavio workspace into it. What steps do we have to perform?

Symptom

We are using OneLogin SAML/SSO and want to integrate our Signavio workspace into it. What steps do we have to perform?

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Resolution

The information provided does not imply that SAP Signavio Product Support have any expertise in setting up 3rd party identity provider (IdP) systems for customers. These are merely bits of information that were gathered over time while configuring the SAML SSO with identity providers, which may help you with a smoother setup. If you require assistance setting up your IdP system, please reach out to your consultant, partner, or specialized support.

The following is a list of instructions for configuring SSO with OneLogin.

You can set up SSO using OneLogin as an identity provider with your organization, to start, go to your OneLogin Admin Panel, https://<<COMPANYNAME>>.onelogin.com/admin (Where COMPANYNAME = your OneLogin registered companyname)

Once there, go to the menu "Appliations" → "Applications"
To add a new Application, select "Add App" on the right
In the search field, type 'Saml test'. NOTE: Please do not use the app that is already there for SAP Signavio as it will not work with SAML.

Please set up using the following additional information over the defaults:

Info Tab:
1. Please choose a name for your new application and add a SAP Signavio logo for your application.

Configuration Tab:

NOTE: Please use the following table and link to configure the OneLogin options, Which SAML ACS URL / EntityID will be used by Signavio?

OneLogin Field	Equivilent Signavio Option (see link)
Audience	EntityID
Recipient (or Destination)	ACS*-field (Recipient)
ACS (Consumer) URL Validator	ACS*-field (Recipient)
ACS (Consumer) URL	ACS*-field (Recipient)
SAML nameID format	Email

Parameters Tab:
1. Add the below values, please tick 'Include in SAML assertion':
  Name Value
  NameID value UUID
  email Email
  first_name First Name
  last_name Last Name

Save your settings.
Download the metadata.
Now you have finished the setup in Onelogin for your Signavio app, don't forget to;
- Assign users/groups in OneLogin that you want to access the Signavio app.
- Upload the file that you downloaded in Step.6, into your Signavio workspace, please see Documentation Enable SSO authentication using SAML for your workspace.

Name	Value
NameID value	UUID
email	Email
first_name	First Name
last_name	Last Name

If you have any issues setting up Onelogin with Signavio, please open a ticket in the SAP Launchpad with:

Screenshots of the configuration tab
Screenshots of the parameters tab
Your workspace ID
(optional) HAR-file of the SAML response,

Keywords

KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To

Product

SAP Signavio Process Manager all versions ; Signavio Process Manager all versions

Attachments

image2020-8-24_15-45-25.png
image2020-8-24_15-47-3.png
image2020-8-24_15-51-55.png
image2020-8-24_15-56-29.png
image2020-8-24_16-22-10.png
image2020-8-24_16-46-56.png
image2020-8-24_16-48-4.png