This guide assumes you have completed the prerequisite steps (e.g. generate self-signed X.509 certificates) outlined here.
Firezone supports Single Sign-On (SSO) using OneLogin through the generic SAML 2.0 connector. This guide will walk you through how to configure the integration.
Create a SAML connector
In the OneLogin admin portal, add an app under the Applications tab, choose the SAML Custom Connector (Advanced) and provide the appropriate configuration settings under the Configuration tab.
The following fields should be filled out on this page:
| Field | Value |
|---|---|
| Audience (EntityID) | This should be the same as your Firezone |
| Recipient | This is your Firezone |
| ACS URL Validator | This field is a regex that ensures OneLogin posts the response only to the correct URL. For the sample URL below, we can use |
| ACS URL | This is your Firezone |
| Login URL | This is your Firezone |
| SAML initiator | Service Provider |
| SAML signature element | Both. This signs the assertion as well as the enclosing response, which is what the Firezone-side "Require signed assertions" and "Require signed envelopes" settings in the next step expect. |
OneLogin's docs provide a good overview of each field's purpose.
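The ACS URL Validator is the one field in this table where a sloppy value weakens the integration: OneLogin posts the signed response to whatever URL matches the regex, so an unescaped or unanchored pattern can let an attacker-controlled URL through. The script below is an added example, not code from the Firezone or OneLogin documentation. The ACS URL `https://firezone.example.com/auth/saml/sp/consume/onelogin` is an assumed stand-in for the one your own portal shows, the lookalike URLs are constructed, and Python's `re.search` stands in for OneLogin's matcher, whose exact semantics this page does not document (anchoring costs nothing either way).

```python
import re

# Assumed ACS URL of the Firezone portal; substitute the one your own portal shows.
ACS_URL = "https://firezone.example.com/auth/saml/sp/consume/onelogin"

# What people tend to paste as the validator: the ACS URL itself. Every '.'
# is then a regex wildcard and nothing pins the match to the start or end.
NAIVE_VALIDATOR = ACS_URL


def acs_url_validator(acs_url: str) -> str:
    """Return a validator regex that matches exactly one URL: every regex
    metacharacter in the URL is escaped and the pattern is anchored at both ends."""
    return "^" + re.escape(acs_url) + "$"


def validator_accepts(pattern: str, posted_url: str) -> bool:
    """Would the validator let the SAML response be posted to posted_url?
    Using re.search here is an assumption about how OneLogin applies the regex."""
    return re.search(pattern, posted_url) is not None


# Constructed URLs an attacker could arrange to receive the assertion at.
LOOKALIKE_URLS = [
    # the unescaped '.' in firezone.example.com also matches '-': a registrable lookalike domain
    "https://firezone-example.com/auth/saml/sp/consume/onelogin",
    # no '^' anchor: the real ACS URL merely appears inside an attacker's URL
    "https://evil.example/collect?next=https://firezone.example.com/auth/saml/sp/consume/onelogin",
]


def rejected_lookalikes(pattern: str) -> int:
    """How many of the constructed lookalikes the validator keeps out."""
    return sum(1 for url in LOOKALIKE_URLS if not validator_accepts(pattern, url))


if __name__ == "__main__":
    strict = acs_url_validator(ACS_URL)
    print("validator to paste into OneLogin:", strict)
    for name, pattern in (("naive", NAIVE_VALIDATOR), ("strict", strict)):
        print(f"{name:6} accepts real ACS URL: {validator_accepts(pattern, ACS_URL)}, "
              f"rejects {rejected_lookalikes(pattern)}/{len(LOOKALIKE_URLS)} lookalikes")
```

Both patterns accept the real ACS URL; only the escaped, anchored one rejects the lookalikes, which is why the validator should be generated from the ACS URL rather than copied from it.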
Once complete, save the changes and download the SAML metadata document found under the More Actions dropdown. You'll need to copy-paste the contents of this document into the Firezone portal in the next step.
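Before pasting the metadata document into Firezone it is worth checking what it actually says: that it describes an identity provider, that it carries a signing certificate (without one the two "Require signed ..." settings in the next step can never be satisfied), and that its sign-on endpoints point at your own OneLogin tenant over HTTPS. The script below is an added example, not Firezone or OneLogin code. The embedded metadata is a constructed stand-in in the shape OneLogin produces, with a placeholder certificate body (not a real X.509 certificate) and an assumed tenant hostname `example-corp.onelogin.com`.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed stand-in for the document behind OneLogin's "More Actions" menu.
# The certificate body is placeholder bytes, not a real certificate, and the
# tenant hostname example-corp.onelogin.com is assumed.
PLACEHOLDER_CERT_B64 = base64.b64encode(b"placeholder DER bytes, not a certificate").decode()
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://app.onelogin.com/saml/metadata/00000000-0000-0000-0000-000000000000">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{PLACEHOLDER_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://example-corp.onelogin.com/trust/saml2/http-redirect/sso/000000"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example-corp.onelogin.com/trust/saml2/http-post/sso/000000"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def inspect_idp_metadata(xml_text: str) -> dict:
    """Pull out the parts of IdP metadata that matter for the Firezone side:
    the entityID, SHA-256 fingerprints of the signing certificates, and the
    SingleSignOnService endpoints keyed by binding."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity provider metadata")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute is valid for signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))  # strip line wrapping
            fingerprints.append(hashlib.sha256(der).hexdigest())
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "signing_cert_sha256": fingerprints, "sso": sso}


def check_idp_metadata(info: dict, expected_idp_host: str) -> list:
    """Return a list of problems; an empty list means the document is safe to paste."""
    problems = []
    if not info["signing_cert_sha256"]:
        problems.append("no signing certificate: signed assertions/envelopes cannot be verified")
    if not info["sso"]:
        problems.append("no SingleSignOnService endpoint: Firezone cannot start a login")
    for binding, location in sorted(info["sso"].items()):
        url = urlparse(location)
        if url.scheme != "https":
            problems.append(f"{binding}: endpoint {location} is not HTTPS")
        if url.hostname != expected_idp_host:
            problems.append(f"{binding}: endpoint host {url.hostname} is not {expected_idp_host}")
    return problems


if __name__ == "__main__":
    info = inspect_idp_metadata(SAMPLE_METADATA)
    print("entityID:", info["entity_id"])
    print("signing cert SHA-256:", info["signing_cert_sha256"])
    print("problems:", check_idp_metadata(info, "example-corp.onelogin.com") or "none")
```

Run it against the file you downloaded (replace `SAMPLE_METADATA` with the file contents) and keep the certificate fingerprint: when OneLogin rotates its signing certificate, re-running the script is the quickest way to see that the metadata pasted into Firezone is stale.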
Add SAML identity provider to Firezone
In the Firezone portal, add a SAML identity provider under the Security tab by filling out the following information:
| Field | Value |
|---|---|
| Config ID | Used to construct the endpoints required in the SAML authentication flow (e.g. receiving assertions, login requests). |
| Label | Appears on the sign-in button for this provider. |
| Metadata | Paste the contents of the SAML metadata document you downloaded from OneLogin in the previous step. |
| Require signed assertions | Checked. |
| Require signed envelopes | Checked. |
After saving the SAML config, you should see a Sign in with OneLogin button on your Firezone portal sign-in page.