Note: SSO configuration requires being an organizational admin. Please reach out to us for help configuring your Koan instance appropriately.
If your organization is already using OneLogin for authentication and management, existing Koan users can use it to sign in. To set up OneLogin SSO, we'll need to:
- gather some information about your OneLogin region
- create an OneLogin OpenID Connect application
- assign OneLogin users to the new application
- configure Koan
Here's how it works.
Create a OneLogin OpenID Connect application
Next, we'll create a new OpenID Connect application to let Koan create and verify authorization requests. From within the OneLogin dashboard,
- Navigate to the "Apps" tab
- Click "Add App", then search for oidc". Select OpenID Connect from the results.
- Enter Koan as the Display Name and choose "Visible in portal". We'll skip the icon upload step and upload in the next step instead. Click Save in the upper right corner.
- On the next page, upload this rectangular icon and this square icon and click Save, then navigate to the Configuration tab.
- In the Configuration tab, fill in the Login URI as:
https://myapp.koan.co/oauth/redirect/onelogin/signin. Be sure to replace
myappin the URL with your Koan domain! For the Redirect URI, fill in:
https://myapp.koan.co/callbacks/oauth/onelogin. Be sure to replace
myappin this URL as well.
- Next, navigate to the SSO tab. Copy the Client ID and Client Secret from here, and enter it into the OneLogin configuration page inside Koan, found at
myappreplaced with your Koan domain).
- Inside Koan:
Click Save Configuration and you're all set!