Step 1: Get your ACS URL from Plecto
ACS URL stands for Assertion Consumer Service URL and is also referred to as the service provider sign-in URL or recipient URL. You will need to use this URL when configuring OneLogin in step 2.
Go to Organization > Settings.
Click the Enable SSO checkbox.
Copy the URL from the ACS URL field.
Proceed to OneLogin and Step 2.
Step 2: Configure OneLogin
Go to onelogin.com/admin > Applications > Add app.
Search for "SAML."
Choose SAML Test Connector (Advanced) OneLogin, Inc. and add it.
Go to Configuration and create the following setup:
Recipient | https://app.plecto.com/auth/sso/<UUID>/saml/ |
ACS (Consumer) URL Validator | .* |
ACS (Consumer) URL | https://app.plecto.com/auth/sso/<UUID>/saml/ |
Login URL | https://app.plecto.com/auth/sso/<UUID>/saml/ |
SAML nameID format | |
NameID Policy | Transient |
SAML signature element | Both (Assertion and Response) |
Go to Parameters and create the following setup:
Login | Include SAML assertion | |
First Name | First Name | Include SAML assertion |
Last Name | Last Name | Include SAML assertion |
Save and move to Step 3.
Step 3: Configure Plecto
Go to Organization > Settings.
Make sure the Enable SSO option is checked.
Choose With metadata file.
SAML metadata URL – Use the Issuer URL from OneLogin. You can find it in OneLogin > SSO > Issuer URL, and it should look like the following: https://app.onelogin.com/saml/metadata/0d85...
Allow SAML provisioning – If enabled, employees with access to SSO will automatically be created when trying to log in to Plecto.
Click Save to finish.