Integrate OneLogin SSO with jumpserver
Integrating OneLogin Single Sign-On (SSO) with Jumpserver
Overview: This article describes integrating OneLogin Single Sign-On (SSO) with Jumpserver, focusing on configuring SAML settings in OneLogin and Jumpserver for web application authentication.
Note:
SAML is an authentication mechanism for web applications. It's based on web protocols and it cannot be used for user authentication over SSH.
Step 1: Log in to OneLogin and Add the Application.
Step 2: Search for SAML TEST and select SAML Test Connector (Advanced).
Step 3: Change the Display name and save.
Step 4: Select the configuration tab from the right panel and fill in the Application details.
- Audience (EntityID) - Entity ID ( you can find it from ezeelogin GU > Settings > SAML)
- Recipient - Assertion Consumer Service URL ( you can find it from ezeelogin GU > Settings > SAML)
- ACS (Consumer) URL Validator - Entity ID ( you can find it from ezeelogin GU > Settings > SAML)
- ACS (Consumer) URL
- Single Logout URL - Single Logout Service URL ( you can find it from ezeelogin GU > Settings > SAML)
Step 5: Select the SSO tab from the right panel & Copy the Issuer URL and paste it to the Metadata URL on Ezeelogin GUI > Settings > SAML Metadata URL
Step 6: Click on the fetch button, it will auto-fill the SAML setting and SAVE it.
Step 7: Select the users tab from the left panel and click on the new user then provide first name, last name, and email to save the user.
Step 8: Select applications from the left panel and click on the add icon to map the application to the user.
Step 9: Select the application from drop-down and then save the application.
Step 10: Change Web panel Authentication to SAML from Ezeelogin GUI > Settings > General >Authentication.
Step 12: Log in to Ezeelogin GUI with SAML authentication.
![](https://www.ezeelogin.com/kb/assets/serv.png)
![](https://www.ezeelogin.com/kb/assets/samlhend.png)
Step 14: You can log in to Ezeelogin shell via Webssh shell or using any SSH client such as Putty or terminal etc.
- WebSSH: Click on the 'Open Web SSH Console' icon to SSH via the browser.
- WebSSH terminal will open like below. Users can navigate the server group with the Up and Down arrow buttons and enter to log into the server.
- Native SSH Client: After resetting the password and security code you can SSH to the Ezsh shell (using Terminal or Putty) with the SAML username.
![](https://www.ezeelogin.com/kb/assets/sshes.png)
The user will be able to ssh without being prompted for the 2FA codes only if the user is logged into the web panel, otherwise, if the user is not logged into the web panel it would prompt for the 2FA codes.
![](https://www.ezeelogin.com/kb/assets/skip2.png)
Note:
- You need to add a different email address for each user. By default, Ezeelogin uses email addresses for creating users.
- If you want to add an existing user in Ezeelogin to SSO, Add the user with the exact username, and email address as follows. (Ezeelogin will verify with the email address of the users by default). Make sure to add the email address for the Ezeelogin Administrator user.
- Saml authentication is not supported for slaves if the URL is IP-based. If you want to authenticate slave using saml you have to use the domain name.
Related Articles: