Set up single sign-on with OneLogin

Before following the below steps to set up single sign-on using OneLogin, please read Single sign-on overview with more general information regarding Peakon's single sign-on.

1. Enable single sign-on in Peakon

1. Go to Administration

2. Choose Integrations and then select Single Sign-On 

3. Click the Connect button and you’ll be taken to the page you see in the screenshot below

On this page, you will later input your SSO login URL and certificate provided by OneLogin. Here you will also find the entity ID and reply URL (ACS) for Peakon, which you will enter into OneLogin a bit later in this guide.

2. Add the Peakon app to your OneLogin account

As a OneLogin administrator, you can follow these steps to add a new SAML app for your company, by first heading over to the main menu, and clicking the Apps menu, then Add Apps, then search for Peakon.

Click on the Peakon listing to open the configuration menu.

3. Configure the Peakon SAML App

The first page will be pre-populated with the Peakon app name and logo. You can optionally add a description if required. Click on Save to proceed.

This will create the app and a new set of menus shall appear : 

The next step is to enter the Entity ID from the Peakon Integration page into the OneLogin configuration. Please note OneLogin will autofill the URL format and therefore you are only required to enter the ID from the Entity ID URL as shown below:

Navigate to the Configuration menu in OneLogin. Then enter the ID, e.g. 7864 :

The next step is to download the SSO Certificate and entering the SAML Endpoint into Peakon. Click on the SSO menu in OneLogin: 

To download the Certificate file, you will need to click on View Details under the Certificate sub menu as shown below: 

Set the SHA Fingerprint strength to SHA256 and ensure the X.509 certificate file extension is PEM. Now click on Download. 

The downloaded PEM certificate file will need to be uploaded to the Peakon Integrations page. To upload, navigate to the Integrations page and click on Choose file under the Certificate sub menu. Upload the downloaded Certificate from OneLogin. 

Now, we need to obtain the SAML endpoint from the OneLogin SSO page. Copy the SAML Endpoint and paste it into the Peakon Integrations page under SSO Login URL.

Please note that the SSO Logout URL is not required for OneLogin. 

4. Assign Users in OneLogin

Make sure you add all required users who need to access Peakon using the Users menu. 

Hit the Save button at the top right of the screen to complete the setup. Also, make sure you save the configurations on the Peakon Integrations page. 

5. Test that single sign-on is working

Now that you have configured OneLogin to integrate with Peakon, you are ready to test it:

1. Go to app.peakon.com/login and enter your company email address.

2. After entering the email, Peakon will detect that this email supports single sign-on, and clicking the Sign in button will redirect you to internal OneLogin sign in page, before redirecting you back to Peakon and logging you in

3. If you prefer to sign into Peakon using your existing password, you can skip the single sign-on step by clicking Sign in using password after entering your email

4. Optionally, go directly to (or bookmark) app.peakon.com/saml/{your email domain}, which will start the single sign-on flow directly without visiting the Peakon login page first