Create a OneLogin account (not necessary if you have one already)
- Go to http://onelogin.com and follow the instructions to register and create an organization. You will have to choose your organization name.

Create a OneLogin application
The application will hold the configuration for your MyPay account.
- Log in to OneLogin with your new account.
- Go to the Application tab.
- Click "Add App".
- From the list choose "SAML Custom Connector (Advanced)".
- Fill in the name, e.g. "MyPay", and hit Save.
- In the "Configuration" section, set "Audience (Entity ID)" to "mypay.management".
- In the "SSO" tab, copy the value of "SAML 2.0 Endpoint (HTTP)".
- Later you can try to fill in additional settings, but it is recommended to start with these basic settings first.

Configure a 3rd party authentication provider in MyPay
- Within the admin role in MyPay, go to "Administration" → "additional setup" → "External Authentication Provider" and click "Create".
- Choose a name.
- Set the type to SAML.
- Set "Authorise URL" to the URL you copied from the OneLogin SSO tab (done above).
- After you press Save, your SSO should work.
Logging In
To log in to MyPay using OneLogin, users can simply navigate to the "Login URL" of the external authentication provider.
You can find it in "Administration" → "additional setup" → "External Authentication Provider" → select your authentication provider → Login URL. Users should get this URL from the administrator.
To make your SSO more secure, you should also set the value of the Identity Provider Certificate, so that MyPay only accepts assertions signed by your OneLogin application. You can find and copy the certificate in the OneLogin application under the SSO tab at "X.509 Certificate".
By default, your OneLogin SAML SSO provides the user's email in the "name_id" attribute. If that is not the case, you can instead use another custom attribute that you have created: set the name of that attribute in the "Custom Email Attribute" field.
Note: An employee record must exist in MyPay for the user to be able to log in to MyPay using OneLogin. If an employee record doesn't exist, the login will fail.
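As an added example (not MyPay's or OneLogin's own code), the Python below shows what a SAML service provider such as MyPay checks against the settings configured above before it lets a user in: the assertion's audience must equal the "Audience (Entity ID)" value, the assertion must be inside its validity window, the signing certificate must be the configured Identity Provider Certificate, the email comes from "name_id" unless a "Custom Email Attribute" is set, and an employee record must exist. The assertion XML, the certificate body, the employee table and the attribute name `work_email` are constructed for this example; the XML-DSig signature verification itself is left to a library and is not performed here.

```python
import base64
import hashlib
import re
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# --- constructed sample data (not real OneLogin or MyPay values) -------------
# Stand-in for the "X.509 Certificate" value copied from the OneLogin SSO tab.
IDP_CERT_BODY = base64.b64encode(
    b"constructed DER bytes standing in for the OneLogin signing certificate").decode()
IDP_CERT_PEM = f"-----BEGIN CERTIFICATE-----\n{IDP_CERT_BODY}\n-----END CERTIFICATE-----"

# Employee records that exist in MyPay; the login fails for anyone else.
EMPLOYEES = {"alice@example.com": "E-1001"}

# Assertion shaped like one the SAML Custom Connector would issue, with the
# signing certificate wrapped across lines as identity providers commonly emit it.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}" ID="_a1" Version="2.0">
  <saml:Issuer>https://app.onelogin.com/saml/metadata/EXAMPLE-ID</saml:Issuer>
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {IDP_CERT_BODY[:40]}
    {IDP_CERT_BODY[40:]}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>mypay.management</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="work_email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class SamlLoginError(Exception):
    """One of the acceptance checks failed; the message says which."""


def cert_fingerprint(cert_text: str) -> str:
    """SHA-256 of the DER bytes, so PEM framing and line wrapping do not matter."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", cert_text)
    return hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()


def _parse_time(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def accept_assertion(assertion_xml, expected_audience, idp_cert_pem, now_iso,
                     custom_email_attribute=None):
    """Return the user's email if the assertion passes every check, else raise."""
    root = ET.fromstring(assertion_xml)
    now = _parse_time(now_iso)

    # 1. Validity window: a stale or replayed assertion is rejected.
    cond = root.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        raise SamlLoginError("assertion carries no usable Conditions")
    if not (_parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter"))):
        raise SamlLoginError("assertion is outside its validity window")

    # 2. Audience: must name this SP, i.e. the "Audience (Entity ID)" set in OneLogin.
    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise SamlLoginError(f"audience {audiences} does not include {expected_audience}")

    # 3. Certificate pinning: the embedded signing cert must be the configured one.
    cert_el = root.find("ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if cert_el is None or cert_fingerprint(cert_el.text) != cert_fingerprint(idp_cert_pem):
        raise SamlLoginError("signing certificate is not the configured Identity Provider Certificate")
    # A real SP verifies ds:Signature against the pinned certificate at this point
    # (XML-DSig, via a library such as xmlsec); that step is outside this example.

    # 4. Identity: NameID by default, or the custom attribute named in MyPay.
    if custom_email_attribute is None:
        node = root.find("saml:Subject/saml:NameID", NS)
    else:
        node = root.find("saml:AttributeStatement/saml:Attribute"
                         f"[@Name='{custom_email_attribute}']/saml:AttributeValue", NS)
    if node is None or not (node.text or "").strip():
        raise SamlLoginError("assertion carries no usable email")
    return node.text.strip()


def attempt_login(assertion_xml, now_iso, custom_email_attribute=None):
    """Mirror MyPay's behaviour: accept the assertion, then require an employee record."""
    try:
        email = accept_assertion(assertion_xml, "mypay.management", IDP_CERT_PEM,
                                 now_iso, custom_email_attribute)
    except SamlLoginError as exc:
        return ("denied", str(exc))
    employee_id = EMPLOYEES.get(email.lower())
    if employee_id is None:
        return ("denied", f"no employee record for {email}")
    return ("ok", employee_id)


if __name__ == "__main__":
    print(attempt_login(SAMPLE_ASSERTION, "2024-05-01T10:02:00Z"))
    print(attempt_login(SAMPLE_ASSERTION, "2024-05-01T10:02:00Z", custom_email_attribute="work_email"))
    print(attempt_login(SAMPLE_ASSERTION, "2024-05-01T11:00:00Z"))
```

The fingerprint comparison is what the Identity Provider Certificate setting buys you: without it, any certificate embedded in a response would be accepted as the signer. The employee lookup at the end is the reason the note above says the login fails when no employee record exists.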