OneLogin

MIRACL Trust Application Setup

An application on the MIRACL platform is required. It will be used by the OneLogin platform as a Trusted IdP. Learn how to register a new app here.

Note: The redirect URI you enter in the MIRACL application must redirect back to the OneLogin platform. At the time of this writing, it is constructed as companyname.onelogin.com/access/idp, where companyname is the site name of the developer account you've created in the OneLogin platform.

OneLogin Setup

First, log in to OneLogin as an administrator. If you don't have an account, you can read the OneLogin docs and get a developer account here.

Note: Before setting up MIRACL as a Trusted IdP, you need an application that already authenticates you successfully to the OneLogin platform.

Create a new Trusted IdP

  • Select Authentication > Trusted IdPs
  • Click New Trust to add a new trusted identity provider
  • Type MIRACL Trust as the name for your identity provider
  • Make sure that the Enable Trusted IDP check box is checked

Configurations:

  • In the Issuer text box, type https://api.mpin.io
  • Make sure that the Sign users into OneLogin check box is checked
  • (Optional) In this section you can specify the Email Domains which are directed straight to MIRACL Trust to authenticate

User attribute:

  • In the User Attribute Value text box, type {tidp.email} (Note: It will be enabled once you select OIDC as the Protocol Type in the step below)
  • From the User Attribute Mapping drop-down list, select Email
  • (Optional) You can specify Allowed Email Domains which will be allowed to log in with MIRACL Trust

Protocol:

  • From the Protocol Type drop-down list, select OIDC

OIDC Configurations:

  • For Authentication Endpoint fill in https://api.mpin.io/authorize
  • For Token Endpoint Auth. Method specify POST
  • For Token Endpoint fill in https://api.mpin.io/oidc/token
  • For User Information Endpoint fill in https://api.mpin.io/oidc/userinfo
  • For Scopes fill in openid profile email
  • For Client Id fill in the client ID you received from the MIRACL Trust Application Setup
  • For Client Secret fill in the client secret you received from the MIRACL Trust Application Setup

When everything is filled in, press the Save button.
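A pre-flight check of the values listed above, useful before saving, since a mistyped endpoint host or a missing email scope only shows up later as a failed login. This is an added example, not OneLogin or MIRACL code; the dictionary key names, the `lint_trusted_idp` function, the tolerated `https://` prefix on the redirect URI and the sample client credentials are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ISSUER = "https://api.mpin.io"          # Issuer value given on this page
ENDPOINTS = ("authentication_endpoint", "token_endpoint", "userinfo_endpoint")
REQUIRED_SCOPES = {"openid", "email"}   # "email" feeds the {tidp.email} mapping

def lint_trusted_idp(cfg, sitename):
    """Return a list of problems in the values about to be entered (empty = OK)."""
    problems = []
    if cfg.get("issuer") != ISSUER:
        problems.append("issuer: expected " + ISSUER)
    issuer_host = urlsplit(ISSUER).hostname
    for key in ENDPOINTS:
        url = urlsplit(cfg.get(key, ""))
        if url.scheme != "https":
            problems.append(key + ": must use https")
        if url.hostname != issuer_host:  # catches typos and look-alike hosts
            problems.append(key + ": host is not " + issuer_host)
    missing = REQUIRED_SCOPES - set(cfg.get("scopes", "").split())
    if missing:
        problems.append("scopes: missing " + ", ".join(sorted(missing)))
    if cfg.get("token_endpoint_auth_method") != "POST":
        problems.append("token_endpoint_auth_method: expected POST")
    if cfg.get("user_attribute_value") != "{tidp.email}":
        problems.append("user_attribute_value: expected {tidp.email}")
    for key in ("client_id", "client_secret"):
        value = cfg.get(key, "")
        if not value or value != value.strip():
            problems.append(key + ": empty or padded with whitespace")
    # Redirect URI registered on the MIRACL side; an https:// prefix is tolerated.
    redirect = cfg.get("miracl_redirect_uri", "").removeprefix("https://")
    expected = sitename.lower() + ".onelogin.com/access/idp"
    if redirect != expected:
        problems.append("miracl_redirect_uri: expected " + expected)
    return problems

# Constructed sample values; the key names are hypothetical labels for the form fields.
GOOD = {
    "issuer": "https://api.mpin.io",
    "authentication_endpoint": "https://api.mpin.io/authorize",
    "token_endpoint": "https://api.mpin.io/oidc/token",
    "userinfo_endpoint": "https://api.mpin.io/oidc/userinfo",
    "token_endpoint_auth_method": "POST",
    "scopes": "openid profile email",
    "user_attribute_value": "{tidp.email}",
    "client_id": "EXAMPLE-CLIENT-ID",
    "client_secret": "EXAMPLE-CLIENT-SECRET",
    "miracl_redirect_uri": "companyname.onelogin.com/access/idp",
}
```

Call `lint_trusted_idp(values, "companyname")` with your own site name; an empty list means the values match what this page specifies.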

OneLogin gotchas

  • Make sure that you authenticate in both MIRACL and OneLogin with the same email.
  • The OneLogin user you're trying to authenticate should be connected to your OneLogin OIDC application and should be set up to authenticate with MIRACL as a Trusted IdP.