SAML single sign on with OneLogin

Updated 3 months ago by Andrew White

For best practices and tips for using SAML with Spoke, check out our  SAML overview article 

Please note: Spoke limits each email address to 1 active Spoke organization. If you see the error “You are not a member of this org” please make sure to leave other organizations before attempting to log in using SAML.
  1. Log into OneLogin. Go to the administration panel, then navigate to Apps > Add Apps.
  2. Search for Spoke, then select the Ask Spoke SAML 2.0 App.

On the Configuration  tab, click save  to add the app to your company apps. 

On the Configuration tab, enter your Org ID from Spoke.

Your Org ID is the prefix of your ask Spoke URL. ie:

Go to "Access" and set policies for Spoke. New Policies can be set in "Settings/Policies."

If you want to assign spoke to individual users, navigate to "Users/All Users"

Once you are finished, click "save." 

Navigate to the SSO tab and copy the three values you need for Spoke. 

  • SAML 2.0 Endpoint (HTTP)
  • Issuer URL 
  • X.509 Certificate. 

To Copy the Certificate, select "View Details"

 Then select "Copy to Clipboard"

Configuration Steps

Log into Spoke and navigate to the Integrations menu.

  1. Navigate to Settings
  2. Select the Integrations Menu
  3. Find the SAML tile and choose Connect

Copy the following fields from your Onelogin setup page into the Spoke Settings/SAML Page.

  1. Sign on URL: Paste the SAML 2.0 Endpoint URL from Onelogin here
  2. Issuer: Paste the Issuer URL from Onelogin here
  3. Public certificate: Paste the X.509 certificate from Onelogin here
  4. Press Test SAML connection

Once the test is completed, you can push Enable SAML

Uncheck the checkbox if you don't want to email notifications of SAML being enabled to your team.

How did we do?

Powered by HelpDocs