You can integrate your SAML2 Single Sign-On (SSO) with the Fonolo Portal through OneLogin. This guide will walk you through setting up the Fonolo SSO.

Add Fonolo as an App

1. Log in to OneLogin as an Administrator.
2. On the OneLogin home page, go to Applications.
3. Select Add App.
4. In the search bar at the top of the page, search for and then select SAML Test Connector (Advanced). This connector is used to establish the SSO connection to Fonolo.
5. Enter a name for the App in Display Name.
   1. (Optional) Add a rectangular icon and square icon for the Fonolo App. You can save the following images to use as the icons:
6. Save and then go to the Configuration tab to continue.

Configuration Tab

7. Enter the application details exactly as follows. Fields that are not shown can be left as default:

   Field Name	Required Value
   Audience (EntityID)	https://portal.fonolo.com/saml
   Recipient	https://portal.fonolo.com/saml
   ACS (Consumer) URL Validator	https://portal.fonolo.com/saml/metadata
   ACS (Consumer) URL	https://portal.fonolo.com/saml
   SAML signature element	Assertion

   
8. Save and then go to the Parameters tab to continue.

Parameters Tab

On the Parameters tab, there are five parameters that must be added, exactly as shown.

9. Select Add Parameter. The New Field dialog opens.
10. Enter the parameter in Field Name. The parameters (and their values) that must be confirmed are:

    Parameter	Value
    FirstName	First Name
    LastName	Last Name
    FonoloRole	Title
    Email	Email
    NameID value	Email

    The parameter must be entered exactly as shown, without any extra spaces, and with the given capitalization.

    
11. For each value, make sure that the Include in SAML assertion check box is selected and then select Save. The Edit Field dialog opens.
12. Match each parameter to its corresponding Value in OneLogin. Make sure that the Include in SAML assertion check box is selected.

    The FonoloRole Field Name can be mapped to any value in OneLogin. We recommend that you use a Custom User Field.

13. Save the new parameter.
14. Repeat steps 9 to 13 for each parameter until all five parameters have been added and mapped to the appropriate value.

    The Name ID value parameter might already exist. If it does, do not add it again as part of this procedure.

15. Save and then go to the SSO tab to continue.

SSO Tab

16. Make sure that X.509 Certificate is set to Standard Strength Certificate (2048-bit).
17. Make sure that the SAML Signature Algorithm is set to SHA-256.
18. Copy the Issuer URL and the SAML 2.0 Endpoint (HTTP) to a safe place for use later in setting up SSO in the Fonolo Portal.
19. Select Save. The Fonolo app is now set up in OneLogin.

Add Users to the App

Now that the Fonolo App has been created, you must add OneLogin users so that your team members can have SSO access to the Fonolo Portal.

1. On the OneLogin home page, go to Users > Users (1).
2. Select the User to be given SSO access.
3. Go to the Applications tab for the user.
4. Select Add Application and select the Fonolo App. The Edit Login dialog opens.
5. Make sure that all the information for the user is correct, including that Show this app in Portal is selected and that FonoloRole contains one of the following roles, depending on the level of access that the user needs:
   • StatsUser
   • StandardUser
   • AccountManager

   Go to Account Role Types for more information on roles and their permissions.

6. Select Save.
7. Repeat steps 1 to 6 for each user that needs SSO access to the Fonolo Portal.

Download the Certificate

Next, you must download the OneLogin IdP Certificate.

1. On the OneLogin home page, go to Security > Certificates.
2. Select Standard Strength Certificate (2048-bit). The settings dialog for the certificate opens.
3. Make sure that the certificate is configured with SHA256 as the SHA Fingerprint and has an X.509 PEM formatted RSA Certificate.

   Fonolo can work with PEM or DER formatted RSA certificates. DSA certificates are not currently supported.

4. Save your changes, and then Download the certificate to a safe place for use later in setting up SSO in the Fonolo Portal.

Set Up the Fonolo Portal

Next, you must configure the Fonolo Portal for SSO.

1. Log in to the Fonolo Portal as a user with the Account Manager role.
2. Go to Admin > Settings > Security > Single Sign-On.
3. Select Add Single Sign-On Profile. The Update SSO Profile dialog opens.
4. Set up the SSO Profile:
   1. Enter a name for the SSO Profile in SSO Label. This name will be used within the Fonolo Portal.
   2. Paste the Issuer URL that was saved in the OneLogin Portal into Issuer URL.
   3. Paste the SAML 2.0 Endpoint (HTTP) that was saved into SAML Endpoint.
   4. Select Browse next to the IdP Certificate field and select the X.509 Certificate that was downloaded. The certificate uploads and processes automatically.
   5. In Request Binding, select HTTP Redirect.
   6. In Email Domains, enter the domains of the corporate email addresses your users will use to sign in. Do not enter webmail domains (gmail, hotmail, yahoo).
   7. Make sure that the Account Creation and Account Update check boxes are selected. This lets you generate and update Fonolo Portal user accounts during SSO login.

   Required Attributes can be left with the default settings unless further customization is needed.

5. Select Save Profile. The SSO setup is now complete.

Test the Login

To test out the new SSO connectivity:

1. Log in as a new user in the OneLogin Portal that you have added the Fonolo app to.
2. Select the Fonolo Portal Login app. The Fonolo Portal opens, with the user logged in with the role given in the OneLogin Portal.