> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sprig.com/llms.txt
> Use this file to discover all available pages before exploring further.

# OneLogin

To enable SSO with OneLogin, complete the following:

1. Contact [support@sprig.com](mailto:sso@sprig.com) to claim the email domain(s) that your SSO users will use to sign in.
2. Log in to Sprig and go to [Settings > Single Sign On](https://app.sprig.com/settings/sso).
3. Select **SSO Enabled** option, and click **Save**.
4. An *Important Values* section will appear.  Take note of the values provided.  You will use them to configure your OneLogin integration in step 8.
5. Log in to your OneLogin account and go to the **Administration** section.  Navigate to the **Applications** page.

<img src="https://mintcdn.com/sprig/IibAYOcivdkTylH0/images/5f27687-Screen_Shot_2021-07-21_at_4.34.03_PM.png?fit=max&auto=format&n=IibAYOcivdkTylH0&q=85&s=a5ec053fc457eaa53b35305756f3845e" alt="" width="514" height="207" data-path="images/5f27687-Screen_Shot_2021-07-21_at_4.34.03_PM.png" />

6. Click the **Add App** on the right side of the page. In the search field, enter *Saml Custom Connector*. Choose SAML Custom Connector (Advanced) provided by *OneLogin Inc*:

<img src="https://mintcdn.com/sprig/_ephcOEAcdx-CRO7/images/16f6115-Screen_Shot_2022-08-08_at_7.55.23_PM.png?fit=max&auto=format&n=_ephcOEAcdx-CRO7&q=85&s=a35e26d3f4c1016325c591a8ad79a6c0" alt="" width="2468" height="542" data-path="images/16f6115-Screen_Shot_2022-08-08_at_7.55.23_PM.png" />

7. In the **Display Name** field, enter a name and click **Save**.

<img src="https://mintcdn.com/sprig/_ephcOEAcdx-CRO7/images/0d57de9-8596fcc-Screen_Shot_2021-07-21_at_4.34.23_PM.png?fit=max&auto=format&n=_ephcOEAcdx-CRO7&q=85&s=bbea58e6e71f5628d3a2bd23cbb92a63" alt="" width="638" height="263" data-path="images/0d57de9-8596fcc-Screen_Shot_2021-07-21_at_4.34.23_PM.png" />

8. Click **Configuration**. Use the *Important Values* you were provided in step 4 to cut and paste the *Entity URI* into the **Audience (EntityID)** field, and the *ACS URL* into both the **ACS (Consumer) URL Validator** field and the **ACS (Consumer) field**.

<img src="https://mintcdn.com/sprig/_1uWncsTBTa1sJbM/images/e7d30a6-Screen_Shot_2021-07-21_at_4.34.32_PM.png?fit=max&auto=format&n=_1uWncsTBTa1sJbM&q=85&s=d5a3df1183fc23133ab51ec3107852e0" alt="" width="618" height="510" data-path="images/e7d30a6-Screen_Shot_2021-07-21_at_4.34.32_PM.png" />

9. Click **Parameters**. Click <img src="https://mintcdn.com/sprig/IibAYOcivdkTylH0/images/6819630-plus.png?fit=max&auto=format&n=IibAYOcivdkTylH0&q=85&s=6dbf3729b13f292ce9dcbbe38603d887" width="17" height="16" data-path="images/6819630-plus.png" /> to add a parameter.
10. Enter `name` in the Field name field. Select the **Include in SAML assertion** option. Click **Save**.

<img src="https://mintcdn.com/sprig/_1uWncsTBTa1sJbM/images/e9832b2-Screen_Shot_2021-07-21_at_4.34.39_PM.png?fit=max&auto=format&n=_1uWncsTBTa1sJbM&q=85&s=f21f40b44aabb1db049ce1f5c2399426" alt="" width="509" height="408" data-path="images/e9832b2-Screen_Shot_2021-07-21_at_4.34.39_PM.png" />

10. In the **Value** drop-down list select **Name**.

<img src="https://mintcdn.com/sprig/8rOBJC6NeyY76ru8/images/a994890-Screen_Shot_2022-08-08_at_7.54.19_PM.png?fit=max&auto=format&n=8rOBJC6NeyY76ru8&q=85&s=75579ed370f410b25aef6c7697abdaa9" alt="" width="1122" height="936" data-path="images/a994890-Screen_Shot_2022-08-08_at_7.54.19_PM.png" />

12. Click again on **Parameters**. Click <img src="https://mintcdn.com/sprig/IibAYOcivdkTylH0/images/6819630-plus.png?fit=max&auto=format&n=IibAYOcivdkTylH0&q=85&s=6dbf3729b13f292ce9dcbbe38603d887" width="17" height="16" data-path="images/6819630-plus.png" /> to add another parameter.
13. Enter `role` in the **Field name** field. Select the **Include in SAML assertion** option. Click **Save**.
14. In the **Value** drop-down list select **- Macro -** . Either enter `admin` , `editor`, `developer` , or `viewer` in the field. Sprig roles are described [here](/docs/account-and-settings/team-management-roles/roles-permissions). Roles can be configured on a per-user basis using [user attribute macros](https://onelogin.service-now.com/kb_view_customer.do?sysparm_article=KB0010609). If you don’t have the appropriate attribute configured for users yet, you can choose “- Macro -” again and enter `admin`, and all assigned users will receive “admin” permissions.
15. You will configure the SAML settings. Click on the **SSO** tab. In the SAML Signature Algorithm dropdown, select **SHA-256**.
16. Navigate to the Sprig's [**Settings>Single Sign-On**](https://app.sprig.com/settings/sso). Copy the values from the SSO tab in the previous step into the corresponding fields in the **Your Identity Provider** section:

* **Issuer URL → Issuer URL**
* **SAML 2.0 Endpoint → Entry Point URL**

15. Now in the OneLogin **SSO** tab, click **View Details** link under the **X.509 Certificate** field. A new page will appear. Copy the text inside the X.509 Certificate field and paste it into the **X.509 Certificate** field in Sprig's [**Settings>Single Sign-On**](https://app.sprig.com/settings/sso). Click “Save”.

Users that are assigned to the OneLogin application integration will now be able to sign in using the Sprig [SSO login page](https://app.sprig.com/login/sso).