Configuring OneLogin as Identity Provider    


    1. Log in your OneLogin domain and click Applications under the Applications tab.


    2. In the displayed page, click Add App.


    3. Search for SAML from the search box and select SAML Test Connector (Advanced) from the search results.

    4. Provide a Name and upload a Logo for your application.
    5. Click Save.

    6. Go to the Configurations tab and enter the details as given below.

      Field Name


      ACS (Consumer) URL Validator

      Assertion Consumer URL in ServiceDesk Plus MSP

      ACS (Consumer) URL

      Assertion Consumer URL in ServiceDesk Plus MSP

      Single Logout URL

      Single Logout Service URL in ServoiceDesk Plus

      Audience (Entity ID)

      Entity ID in ServiceDesk Plus MSP

    7. Select the required SAML nameID format from the drop-down. ServiceDesk Plus MSP supports the following formats:

      1. Email: Choose this if you want to login using the email address configured in ServiceDesk Plus MSP.
      2. Transient/Persistent: Choose this format if you want to login using the login name configured in ServiceDesk Plus MSP.
      3. Unspecified: Choose this if you want to login using the User Principal Name of your Active Directory account imported into ServiceDesk Plus MSP.

    8. Click Save.

    9. Open the Parameters tab.

    10. Click NameID value. In the displayed drop-down, choose the required value for the NameID format selected in the previous screen using the following pointers:

      • For Email format, select Email as the value.

      • For Persistent/Transient formats, select an option that returns the value in the format <DOMAIN\username>. Alternatively, select Macro to configure a custom option to achieve the same. The syntax can be found here.

      • For Unspecified format, select userPrincipalName as the value.

    1. Dynamic User Addition in ServiceDesk Plus MSP is supported only for Persistent/Transient nameID formats.
    2. The NameID value configured in OneLogin should match that of ServiceDesk Plus MSP. Otherwise, redundant user addition might take place.

    1. Under the SSO tab, you will find the IdP details to be entered in the ServiceDesk Plus MSP application.
    2. Enter the details as given below.

      ServiceDesk Plus MSP Attribute

      OneLogin Attribute

      Login URL

      SAML 2.0 Endpoint

      Logout URL

      SLO Endpoint


    3. To download the Certificate, click the View Details option under X.509 Certificate.
    4. Choose the certificate format as X.509 PEM/X.509 DER and click Download.

    5. You can assign the application to various users under the Users tab.

    You have now configured ServiceDesk Plus MSP as a service provider in OneLogin.

    Go to the SAML configuration page in ServiceDesk Plus MSP and provide the IdP details to complete the integration. 

    Zoho Corp. All rights reserved.