OneLogin SSO - Setup

Resources

GETTING STARTED - OneLogin SSO

In this tutorial, you'll learn how to integrate WestFax with OneLogin's Single Sign on solution.
When you integrate WestFax with OneLogin, you can:

  • Control who has access to the WestFax platform.
  • Enable your users to be automatically signed-in to WestFax with their OneLogin SSO accounts.
  • Manage your accounts in one central location.

Prerequisites

To get started, you need the following items:

  • OneLogin Organization Account with at least one user.
  • WestFax Enterprise account with AD/SSO enabled.

Configuring WestFax for SSO

If you have enabled SSO/AD with WestFax you are just a few steps away from enabling single sign on with WestFax.

Here are the steps to get your SSO setup with WestFax:

In order to utilize SSO and Active Directory sync you must have SSO enabled on your account. Contact your account manager and ask them to activate this functionality. There may be some setup fees involved. Your account manager can walk you through the process and provision your account.

After you are SSO enabled you will want to login to the admin tool and go to the SSO tab and you should see a screen like this:

SAML Image 1


There are three values here you want to copy for use in the Azure setup:

Consume Endpoint: https://home.westfax.com/login/Consume/YourProviderId
Redirect Endpoint: https://home.westfax.com/login/sso/YourProviderId
Metadata Endpoint: https://home.westfax.com/login/metadata/YourProviderId

You will need these values later. Copy them somewhere for use.

At this point you need to log in to OneLogin Admin panel for your organization. We will create a new App in the Applications section for use with OneLogin

Here are the steps:

  1. Login to OneLogin Admin Dashboard
    With your admin account log into the OneLogin Admin portal cloud website.
  2. Go to Applications -> Applications

  3. Click "Add App" Button on the top Right

  4. In the Search Box type SAML Custom Connector


    You will see a few items. Choose the one that is labeled: SAML Custom Connector (Advanced) and the author is OneLogin. This is the initial template for a SAML connection to WestFax.

    OneLogin Image #1
  5. Click the SAML Custom Connector (Advanced) option


    Enter WestFax for the name and here is a logo you can use if you like for the application Logo. Click Save when you are done. This will create the WestFax Application and give you additional settings to change in the next steps.

    OneLogin Image #2
  6. Click Configuration on the left menu.
    You will copy several values you previously saved from the first step when you were on the WestFax Admin panel.

    OneLogin Image #3

    For the fields enter the following:
    1. A - Audience (Entity ID): https://home.westfax.com/login/metadata/YourProviderId
    2. B - ACS (Consumer) URL Validator: https://home.westfax.com/login/Consume/YourProviderId
    3. C - ACS (Consumer) URL: https://home.westfax.com/login/Consume/YourProviderId
    4. D - Login URL: https://home.westfax.com/login/sso/YourProviderId
    Now Scroll down and see the settings below:

    OneLogin Image #4

    For the SAML nameID Format> enter the following:
    • E - SAML nameID Format: Email

    * Note: We can use other values for this but this is the default for WestFax.
  7. Now Click SSO on the left menu

    On this page we will copy our SAML 2.0 Endpoint (HTTP). Save this to your notepad for use in the next step.

    OneLogin Image #5

  8. Click View Details under the X.509 Certificate box.


    OneLogin Image #6

    Download the Certificate to a secure location. You will use this in the last step.
  9. Done with the OneLogin settings. Click Save to finalize your settings. You will have to manage your users access to the WestFax app as you would for any OneLogin application.

Now you will want to copy the two values from the Previous step into the WestFax SSO panel. Then we'll also add your OneLogin x.509 certificate as well. You will need to login to the WestFax Admin panel first and click on the SSO section.

Here is the screen you will add your settings.

Admin Panel

Needed Settings:

A - Login Endpoint - This comes from the previous step (SAML 2.0 Endpoint (HTTP)).
B - Client Id (App Id) - This comes from the previous step (SAML 2.0 Endpoint (HTTP) snippet). You need to copy the hash GUID value after "/http-post/sso/" for the Client ID.
C - Certificate x.509 - This is the certificate file you previous downloaded. Click upload, select your X.509 certificate.

When you are done click Save Settings.

You are now setup for SSO!

You will want your team to login using the Redirect Login link which is:
https://home.westfax.com/sso/login/YourProviderId

If you have any questions please reach out to us directly at 303-299-9329 or contact your account manager.

Get your SSO and Fax platform integrated today!

What is Single Sign On (SSO)?

Single sign on (SSO) is an identification method that allows users access to multiple applications / websites with one set of credentials. The integration of SSO within an enterprise makes password management easier and improves security as workers access applications that are on-premises as well as in the cloud.

WestFax SSO integration allows for seamless sign-on to the Fax Console and makes fax provisioning and permissions management simple.

What is Active Directory Sync?

Active Directory Synchronization is a light-weight application installed on the customers computer that enables simple synchronization of users and fax lines.

An admin creates Security groups for each fax line and then adds and removes users to that group. Each group is bound to a fax number in the WestFax portal. Users can belong to several Security groups which would grant them access to multiple fax numbers.

Need to remove access? Just remove the user from the Security group and they no longer have access to the fax number.