Steps to configure SAML SSO for OneTrust

About OneTrust

OneTrust is a comprehensive platform designed to help organizations manage privacy, security, data governance, and compliance across their operations. With solutions covering consent management, third-party risk, ethics, ESG, and beyond, OneTrust empowers companies to build and maintain customer trust while ensuring they stay ahead of evolving compliance requirements.

The following steps will help you enable SSO for OneTrust from Identity360.

Prerequisites

  1. The MFA and SSO license for Identity360 is required to enable SSO for enterprise applications.
  2. Log in to Identity360 as an Admin, Super Admin, or Technician with a role that has Application Integration and Single Sign-on permissions.
  3. Navigate to Applications > Application Integration > Create New Application, and select OneTrust from the applications displayed.
    Note: You can also find OneTrust using the search bar at the top.
  4. Under the General Settings tab, enter the Application Name and Description.
  5. Under the Choose Capabilities tab, select SSO and click Continue.
    [Image: General Settings of SSO configuration for OneTrust]
  6. Under Integration Settings, navigate to the Single Sign On tab and click Metadata Details. Copy the Login URL, Logout URL, and Entity ID. Save the Signing Certificate file by clicking Download. These details will be used later during the configuration of OneTrust.
    [Image: Integration Settings of SSO configuration for OneTrust]

OneTrust (service provider) configuration steps

  1. Log in to your OneTrust account.
  2. Navigate to the gear icon in the upper right-hand corner to access the Global Settings.
  3. Go to Access Management > Single Sign-On.
  4. Enable Single Sign-On.
  5. In the Notification Recipient field, select the user(s) and/or user group(s) to be notified when action is required regarding the SSO configuration. User(s) or user group(s) must be selected in this field in order to save changes to your SSO configuration.
  6. In the OneTrust Service Provider Details section, complete the following fields:
    • Response Binding Type: select Post
    • Sign SAML Response: enabled
  7. In the Identity Provider Configuration section, complete the following fields:
  8. In the Upload Certificate section, click Upload and upload the signing certificate downloaded in step six of the prerequisites.
    Note: The Signing Certificate downloaded from Identity360 is in .pem format. You need to convert it to .cer or .crt format before uploading it to OneTrust's SSO configuration.
  9. Click Save and then Ok.
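
An added example, not part of the Identity360 or OneTrust documentation: one way to do the .pem conversion from the note in step 8, assuming a DER-encoded .cer file is wanted (.cer and .crt files can hold either PEM or DER data, and the page does not say which). The function names, file names and the constructed sample are hypothetical; the script refuses input that contains a private key or a truncated certificate and returns a SHA-256 fingerprint for comparison.

```python
import hashlib
import ssl
import sys

# Constructed stand-in, NOT a real certificate: a minimal DER SEQUENCE in PEM armor.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(bytes([0x30, 0x03, 0x02, 0x01, 0x05]))

def der_total_length(der: bytes) -> int:
    """Size that the outer DER SEQUENCE header claims for the whole structure."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_cer(pem_text: str):
    """Return (der_bytes, sha256_fingerprint) for a single PEM certificate."""
    pem_text = pem_text.strip()
    if "PRIVATE KEY" in pem_text:
        raise ValueError("input contains a private key; never upload it to the SP")
    if pem_text.count("-----BEGIN CERTIFICATE-----") != 1:
        raise ValueError("expected exactly one CERTIFICATE block")
    der = ssl.PEM_cert_to_DER_cert(pem_text)   # strips the armor, base64-decodes
    if der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing bytes")
    digest = hashlib.sha256(der).hexdigest().upper()
    return der, ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

if __name__ == "__main__":
    # Usage: python pem_to_cer.py identity360.pem onetrust.cer (placeholder names)
    if len(sys.argv) == 3:
        with open(sys.argv[1], encoding="ascii") as src:
            der, fingerprint = pem_to_cer(src.read())
        with open(sys.argv[2], "wb") as dst:
            dst.write(der)
    else:
        der, fingerprint = pem_to_cer(SAMPLE_PEM)
    print(f"{len(der)} DER bytes, SHA-256 fingerprint {fingerprint}")
```

The fingerprint is computed over the DER bytes, so it is the same for the downloaded .pem and the converted .cer.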

Identity360 (identity provider) configuration steps

  1. Switch to Identity360's application configuration page.
  2. Enter your OneTrust Sub Domain. You can find this by navigating to OneTrust's Global Settings menu and selecting Email and Branding > Domains.
  3. Enter the Relay State parameter, if necessary.
    Note: Relay State is an optional parameter used with a SAML message to remember where you were or to direct you to a specific page after logging in.
  4. Click Save.
    [Image: Integration Settings of SSO configuration for OneTrust]
  5. To learn how to assign users or groups to one or more applications, refer to this page.

Your users will now be able to sign in to OneTrust through the Identity360 portal.

Note: For OneTrust, both SP-initiated and IdP-initiated flows are supported.

Steps to enable MFA for OneTrust

Setting up MFA for OneTrust using Identity360 involves the following steps:

  1. Set up one or more authenticators for identity verification when users attempt to log in to OneTrust. Identity360 supports various authenticators, including Google Authenticator, Zoho OneAuth, and email-based verification codes. Click here for steps to set up the different authenticators.
  2. Integrate OneTrust with Identity360 by configuring SSO using the steps listed here.
  3. Now, activate MFA for OneTrust by following the steps mentioned here.

How does MFA for applications work in Identity360?

  [Figure: SSO integration flow diagram]
