3242383 - We are using OneLogin SAML/SSO and want to integrate our SAP Signavio workspace into it. What steps do we have to perform?

We are using OneLogin SAML/SSO and want to integrate our Signavio workspace into it. What steps do we have to perform? 

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

The information provided does not imply that SAP Signavio Product Support have any expertise in setting up 3rd party identity provider (IdP) systems for customers. These are merely bits of information that were gathered over time while configuring the SAML SSO with identity providers, which may help you with a smoother setup. If you require assistance setting up your IdP system, please reach out to your consultant, partner, or specialized support.

The following is a list of instructions for configuring SSO with OneLogin.

You can set up SSO using OneLogin as an identity provider with your organization, to start, go to your OneLogin Admin Panel, https://<<COMPANYNAME>>.onelogin.com/admin (Where COMPANYNAME = your OneLogin registered companyname)

1. Once there, go to the menu "Appliations" → "Applications"
   
   
   
   
2. To add a new Application, select "Add App" on the right
   
   
   
   
3. In the search field, type 'Saml test'. NOTE: Please do not use the app that is already there for SAP Signavio as it will not work with SAML.
   
   
   
   
4. Please set up using the following additional information over the defaults:
   
   1. Info Tab:
      1. Please choose a name for your new application and add a SAP Signavio logo for your application.
   2. Configuration Tab:
      1. NOTE: Please use the following table and link to configure the OneLogin options, Which SAML ACS URL / EntityID will be used by Signavio?

      2. 
         

         OneLogin Field	Equivilent Signavio Option (see link)
         Audience	EntityID
         Recipient (or Destination)	ACS*-field (Recipient)
         ACS (Consumer) URL Validator	ACS*-field (Recipient)
         ACS (Consumer) URL	ACS*-field (Recipient)
         SAML nameID format	Email

         
         

   3. Parameters Tab:

      1. Add the below values, please tick 'Include in SAML assertion':

         Name	Value
         NameID value	UUID
         email	Email
         first_name	First Name
         last_name	Last Name

         
         

5. Save your settings.
   
   
   
   
   

6. Download the metadata.
   
   
   
   

7. Now you have finished the setup in Onelogin for your Signavio app, don't forget to;

   • Assign users/groups in OneLogin that you want to access the Signavio app.
   • Upload the file that you downloaded in Step.6, into your Signavio workspace, please see Documentation Enable SSO authentication using SAML for your workspace.

If you have any issues setting up Onelogin with Signavio, please open a ticket in the SAP Launchpad with:

• Screenshots of the configuration tab
• Screenshots of the parameters tab
• Your workspace ID
• (optional) HAR-file of the SAML response,

KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To

SAP Signavio Process Manager all versions ; Signavio Process Manager all versions