The Fonolo Portal is compatible with OneLogin Single Sign-On (SSO) via SAML2 and this guide will walk you through the implementation steps.

Add Fonolo as an App

1. Log in to OneLogin as an Administrator.
2. On the OneLogin home page, go to Applications.
3. Select Add App.
4. In the search bar at the top of the page, search for and then select Fonolo. This connector is used to establish the SSO connection to Fonolo.
5. Save and then go to the SSO tab to continue.

SSO Tab

6. Make sure that X.509 Certificate is set to Standard Strength Certificate (2048-bit).
7. Make sure that the SAML Signature Algorithm is set to SHA-256.
8. Copy the Issuer URL and the SAML 2.0 Endpoint (HTTPS) to a safe place for use later in setting up SSO in the Fonolo Portal.

Add Users to the App

Now that the Fonolo App has been created, you must add OneLogin users so that your team members can have SSO access to the Fonolo Portal.

1. On the OneLogin home page, go to Users > Users (1).
2. Select the User to be given SSO access.
3. Go to the Applications tab for the user.
4. Select Add Application and select the Fonolo App. The Edit Login dialog opens.
5. In the Fonolo Role field, select one of the following roles, depending on the level of access the user needs and then select Add:
   • StatsUser
   • StandardUser
   • AccountManager

   Go to Account Role Types for more information on roles and their permissions.

6. Make sure that the role you selected shows under the Added Items section and then select Save.

Download the Certificate

Next, you must download the OneLogin IdP Certificate.

1. On the OneLogin home page, go to Security > Certificates.
2. Select Standard Strength Certificate (2048-bit). The settings dialog for the certificate opens.
3. Make sure that the certificate is configured with SHA256 as the SHA Fingerprint and has an X.509 PEM formatted RSA Certificate.
   

   Fonolo can work with PEM or DER formatted RSA certificates. DSA certificates are not currently supported.

4. Save your changes, and then Download the certificate to a safe place for use later in setting up SSO in the Fonolo Portal.

Set Up the Fonolo Portal

Next, you must configure the Fonolo Portal for SSO.

1. Log in to the Fonolo Portal as a user with the Account Manager role.
2. Go to Admin > Settings > Security > Single Sign-On.
3. Select Add Single Sign-On Profile. The Update SSO Profile dialog opens.
4. Set up the SSO Profile:
   1. Enter a name for the SSO Profile in SSO Label. This name will be used within the Fonolo Portal.
   2. Paste the Issuer URL that was saved in the OneLogin Portal into Issuer URL.
   3. Paste the SAML 2.0 Endpoint (HTTPS) that was saved into SAML Endpoint.
   4. Select Browse next to the IdP Certificate field and select the X.509 Certificate that was downloaded. The certificate uploads and processes automatically.
   5. In Request Binding, select HTTP Redirect.
   6. In Email Domains, enter the domains of the corporate email addresses your users will use to sign in. Do not enter webmail domains (gmail, hotmail, yahoo, etc.).
   7. Make sure that the Account Creation and Account Update check boxes are selected. This lets you generate and update Fonolo Portal user accounts during SSO login.

   Required Attributes can be left with the default settings unless further customization is needed.

5. Select Save Profile. The SSO setup is now complete.

Test the Login

To test out the new SSO connectivity:

1. Log in as a new user in the OneLogin Portal that you have added the Fonolo app to.
2. Select the Fonolo Portal Login app. The Fonolo Portal opens, with the user logged in with the role given in the OneLogin Portal.