Utilizing OneLogin SSO


If your organization utilizes OneLogin, you can enable OneLogin SSO in ControlMap.  You can also set OneLogin SSO as the default login for any/all users in your instance, which will enforce logging in via OneLogin any time they access ControlMap.


Creating the Integration in OneLogin

Navigate to Applications in OneLogin and select Add App.  Then select SAML 2.0 as the sign-in preference.


Configuring the OneLogin integration

Enter the following details within the OneLogin Application Configuration.


NOTE: TENANT references the Tenant name within your ControlMap instance (https://TENANT.app.ctrlmap.com)


RelayState = TENANT

ACS (Consumer) URL Validation* = https://api.ctrlmap.com/v1/sso/acs

ACS (Consumer) URL* = https://TENANT.app.ctrlmap.com

Single Logout URL = https://api.ctrlmap.com/v1/sso/logout

Login URL = https://api.ctrlmap.com/v1/sso/acs

SAML not valid before = 3

SAML not valid on or after = 3

SAML Initiator = OneLogin


Within OneLogin, make note of the following for use within ControlMap.

  • Entity Id / Issuer URL
  • SAML 2.0 Endpoint (POST) / Sign In URL
  • SLO Endpoint / Logout URL
  • X.509 Certificate (with SHA-512 signature algorithm)


Configuring ControlMap SSO

Within your ControlMap Tenant, navigate to Settings -> Users. On the right under Sign in Settings, enable the SAML 2.0 SSO Checkbox. Select One Login from the identity provider dropdown.


Enter the noted fields from OneLogin to the appropriate fields within ControlMap.


Once you've filled out the required fields, select Update settings to save and register this information with our system. Once you've updated, you can select individual users' and update their sign-in settings by selecting Update sign in preference.



If you'd like to update this settings for all users, select Set as default next to the Enable SAML 2.0 SSO section within Sign in settings.  




Any questions? Reach out to our friendly, neighborhood support team by submitting a support ticket.