OneLogin Integration

# MIRACL Trust Application Setup

An application on the MIRACL Trust platform is required. It is used by the OneLogin platform as a Trusted IdP. Learn how to register a new app here.

Note: The Redirect URL you enter in the MIRACL Trust application must redirect back to the OneLogin platform. At the time of this writing, it is constructed as companyname.onelogin.com/access/idp, where companyname is the site name of the developer account you’ve created in the OneLogin platform.

# OneLogin Setup

First, log in to OneLogin as an administrator. If you don’t have an account, you can read the OneLogin docs and get a developer account.

Note: Before setting up MIRACL Trust as a Trusted IdP, you need an application that already authenticates you successfully to the OneLogin platform.

# Create a New Trusted IdP

  • Select Authentication > Trusted IdPs
  • Click New Trust to add a new trusted identity provider
  • Type MIRACL Trust as the name for your identity provider
  • Make sure that the Enable Trusted IDP check box is checked

# Configurations

  • In the Issuer text box, type https://api.mpin.io
  • Make sure that the Sign users into OneLogin check box is checked
  • (Optional) In this section you can specify the Email Domains that are directed straight to MIRACL Trust for authentication

# User Attribute

  • In the User Attribute Value text box, type {tidp.email} (Note: this field is enabled once you select OIDC as the Protocol Type in the step below).
  • From the User Attribute Mapping drop-down list, select Email.
  • (Optional) You can specify Allowed Email Domains that are allowed to log in with MIRACL Trust.

# Protocol

  • From the Protocol Type drop-down list, select OIDC.

# OIDC Configurations

  • For Authentication Endpoint fill in https://api.mpin.io/authorize
  • For Token Endpoint Auth. Method specify POST
  • For Token Endpoint fill in https://api.mpin.io/oidc/token
  • For User Information Endpoint fill in https://api.mpin.io/oidc/userinfo
  • For Scopes fill in openid email
  • For Client ID fill in the Client ID you received from the MIRACL Trust Application setup
  • For Client Secret fill in the Client Secret you received from the MIRACL Trust Application setup

When everything is filled in, press the Save button.
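The values entered in the steps above can be checked for consistency with a short script. This Python sketch is an added example, not MIRACL Trust or OneLogin code; the function names, the dictionary keys and the https scheme on the redirect URL are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Values taken from the steps above; client credentials are deliberately left out.
PAGE_CONFIG = {
    "issuer": "https://api.mpin.io",
    "authentication_endpoint": "https://api.mpin.io/authorize",
    "token_endpoint": "https://api.mpin.io/oidc/token",
    "userinfo_endpoint": "https://api.mpin.io/oidc/userinfo",
    "scopes": "openid email",
    "user_attribute_value": "{tidp.email}",
}

def expected_redirect_url(site_name):
    # Assumption: https scheme. The page gives only the host and path.
    return f"https://{site_name}.onelogin.com/access/idp"

def lint_trusted_idp(cfg, site_name, miracl_redirect_url):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    issuer = urlsplit(cfg["issuer"])
    if issuer.scheme != "https":
        findings.append("issuer is not https")
    for key in ("authentication_endpoint", "token_endpoint", "userinfo_endpoint"):
        url = urlsplit(cfg[key])
        if url.scheme != "https":
            findings.append(f"{key} is not https")
        # A mistyped or look-alike host would send the user, or the
        # client secret, to a server other than the configured issuer.
        if url.hostname != issuer.hostname:
            findings.append(f"{key} host differs from issuer")
    scopes = cfg["scopes"].split()
    if "openid" not in scopes:
        findings.append("scope openid missing")
    # {tidp.email} can only be filled if the email scope is requested.
    if cfg["user_attribute_value"] == "{tidp.email}" and "email" not in scopes:
        findings.append("scope email missing but mapping uses {tidp.email}")
    # Compared as an exact string, so a trailing slash counts as a mismatch.
    if miracl_redirect_url != expected_redirect_url(site_name):
        findings.append("redirect URL does not match OneLogin site")
    return findings

if __name__ == "__main__":
    # Constructed sample: "companyname" is the placeholder site name from the page.
    print(lint_trusted_idp(PAGE_CONFIG, "companyname",
                           "https://companyname.onelogin.com/access/idp"))
```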

# OneLogin Gotchas

  • Make sure that you authenticate in both MIRACL Trust and OneLogin with the same email address.
  • The OneLogin user you’re trying to authenticate should be connected to your OneLogin OIDC application and should be set up to authenticate with MIRACL Trust as a Trusted IdP.