Set up SSO for Plecto and OneLogin

Configure single sign-on (SSO) and allow employees log in to your Plecto organization with their credentials from OneLogin. Follow the steps below to configure SSO in Plecto with OneLogin.

ACS URL stands for Assertion Consumer Service URL and is also referred to as the service provider sign-in URL or recipient URL. You will need to use this URL when configuring OneLogin in step 2.

• Go to Organization > Settings in Plecto.
• Click the "Enable SSO" checkbox.
• Copy the URL from the ACS URL field.
• Proceed to OneLogin.

• Go to onelogin.com/admin > Applications > Add app.
• Search for "SAML."
• Choose SAML Test Connector (Advanced) OneLogin, Inc. and add it.
• Go to Configuration and create the following setup:
  • Recipient: Enter the ACS URL you copied from Plecto. It should look like the following: https://app.plecto.com/auth/sso/<UUID>/saml/
  • ACS (Consumer) URL Validator: .*
  • ACS (Consumer) URL: https://app.plecto.com/auth/sso/<UUID>/saml/
  • Login URL: https://app.plecto.com/auth/sso/<UUID>/saml/
  • SAML nameID format: Email
  • NameID Policy: Transient
  • SAML signature element: Both (Assertion and Response)
• Go to Parameters and create the following setup:
  • Login - Email - Include SAML assertion
  • First Name - First Name - Include SAML assertion
  • Last Name - Last Name - Include SAML assertion

• Go to Organization > Settings.
• Make sure the "Enable SSO" option is checked.
• Choose "With metadata file" under "Provide SAML settings."
• SAML metadata URL: Use the Issuer URL from OneLogin. You can find it in OneLogin > SSO > Issuer URL, and it should look like the following: https://app.onelogin.com/saml/metadata/0d85...
• Allow SAML provisioning: If enabled, employees with access to SSO will automatically be created when trying to log in to Plecto.
• Click "Save" in the bottom-right corner.