SAML/SSO with OneLogin

Account Holders have numerous security settings available in Litmus and options that protect users and content. You can configure SAML single sign-on between Litmus and OneLogin to simplify your users' access to Litmus. 

Before you start

  • Only the Account Holder can access and configure SAML settings in Litmus.
  • New user seat creation is not supported via SAML. Users must be created within Litmus first and then authenticated via your IdP prior to them logging into Litmus.
  • SSO with SAML can only be configured at the parent account level and is automatically applied to all subaccounts on your plan.

NOTE: SAML functionality is available with Litmus Enterprise plans

Start with Litmus settings

Find Your Subaccounts in the left side settings menu, then Security and finally the SAML tab in the popup window.

Toggle on Enable SAML. If you would like your users to only access Litmus via SSO with your IdP solution, you can check the box Enforce sign-in with SAML.

NOTE: When this option is active, the Litmus Account Holder will still be able to sign in directly using their credentials via the Litmus login screen. This is to prevent the account holder from getting locked out of full account administrative functionality. Other users will be required to log in via SAML. Password resets using the Forgotten Password? option on the regular Litmus login screen will be disabled for all users.

Animation showing Your Subaccounts security link in the left menu and the steps to access SAML setup options for OneLogin

Select OneLogin as your Identity Provider. Take note of the Audience URN, ACS (Consumer) URL Validator and ACS (Consumer) URL. You will need these later to configure a new app for Litmus in OneLogin.

Audience URN and validator URLs for use in OneLogin setup

Continue in OneLogin

Open a new browser tab or window so you can view both OneLogin and Litmus during configuration, then log in to OneLogin as an administrator. Go to Administration → Apps → Add Apps.

Animation of OneLogin administration site to add apps

Search SAML Test Connector (IdP) in the search box under Find Applications. Select the result called SAML Test Connector (IdP).

Application search in OneLogin

Configure the new application. Change the display name to Litmus. Toggle on Visible in Portal and upload the Litmus logo as the app icon. Select Save in the top right of the screen.

OneLogin SAML Test connector configuration window

Next, navigate to the Configuration tab and paste the Audience URNACS (Consumer) URL Validator and ACS (Consumer) URL from Litmus. You may also add an optional single Logout URL. Save in the upper right corner when you're finished.

OneLogin configuration tab window with data fields for Litmus entries.

Select the SSO tab in OneLogin. Two elements on this tab need to be copied and pasted into your Litmus SAML setup. First, copy the SAML 2.0 endpoint (HTTP) field from OneLogin and paste it into the corresponding field in your Litmus SAML configuration. 

Next, find the X.509 Certificate and right-click the View Details link under the certificate field. Select Open Link in New Tab then copy the certificate using the Copy to Clipboard icon. Paste the X.509 Certificate into the corresponding field in your Litmus SAML configuration. Save your Litmus SAML settings.

OneLogin SSO tab with SAML 2.0 endpoint copy to clipboard option

Right-click selection of X.509 certificate in OneLogin

OneLogin X.509 certificate content with copy to clipboard option

Litmus SAML Settings X.509 certificate field for content from OneLogin

You are now ready to assign the Litmus application to your OneLogin users, groups or role types. In your OneLogin administrator role, go to Administration →Users then select the relevant option from the Users drop-down menu.

Select the users, roles or groups that require access to Litmus, then navigate to the Applications tab and select the New app button. From here, follow the on-screen instructions to select your newly created Litmus application before saving.

OneLogin application selection window showing new app plus sign button

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us