How to add OneLogin SSO to Koan

OneLogin SSO is only available on paid Koan plans. Learn more about our pricing here.

If your organization is already using OneLogin for authentication and management, existing Koan users can use it to sign in. SSO configuration requires being an organizational admin. Please reach out to us for help configuring your Koan instance appropriately. To set up OneLogin SSO, we'll need to:

gather some information about your OneLogin region
create an OneLogin OpenID Connect application
assign OneLogin users to the new application
configure Koan

Here's how it works.

Create a OneLogin OpenID Connect application

Next, we'll create a new OpenID Connect application to let Koan create and verify authorization requests. From within the OneLogin dashboard,

Navigate to the "Apps" tab
Click "Add App", then search for oidc". Select OpenID Connect from the results.

Enter Koan as the Display Name and choose "Visible in portal". We'll skip the icon upload step and upload in the next step instead. Click Save in the upper right corner.
On the next page, upload this rectangular icon and this square icon and click Save, then navigate to the Configuration tab.

In the Configuration tab, fill in the Login URI as: https://myapp.koan.co/oauth/redirect/onelogin/signin . Be sure to replace myapp in the URL with your Koan domain! For the Redirect URI, fill in: https://myapp.koan.co/callbacks/oauth/onelogin . Be sure to replace myapp in this URL as well.

Next, navigate to the SSO tab. Copy the Client ID and Client Secret from here, and enter it into the OneLogin configuration page inside Koan, found at https://myapp.koan.co/org/settings/sso (with myapp replaced with your Koan domain).

Inside Koan:

Click Save configuration and you're all set!