SAML single sign on with OneLogin

Updated 1 month ago by Andrew White

For best practices and tips for using SAML with Spoke, check out our SAML overview article.

Please note: Spoke limits each email address to 1 active Spoke organization. If you see the error “You are not a member of this org”, please make sure to leave other organizations before attempting to log in using SAML.
  1. Log into OneLogin. Go to the administration panel, then navigate to Apps > Add Apps.
  2. Search for Spoke, then select the Ask Spoke SAML 2.0 App.

On the Configuration tab, click Save to add the app to your company apps.

On the Configuration tab, enter your Org ID from Spoke.

Your Org ID is the prefix of your ask Spoke URL. ie:

Go to "Access" and set policies for Spoke. New Policies can be set in "Settings/Policies."

If you want to assign Spoke to individual users, navigate to "Users/All Users."

Once you are finished, click "save." 

Navigate to the SSO tab and copy the three values you need for Spoke. 

  • SAML 2.0 Endpoint (HTTP)
  • Issuer URL
  • X.509 Certificate

To copy the certificate, select "View Details."

Then select "Copy to Clipboard."

You will need to be an Admin on a Standard or Plus Annual plan to be able to view and enable SAML. Log into your Spoke Web App and go to Settings/SAML.

  1. Navigate to "Settings"
  2. Select "SAML"
  3. In the Sign on URL field, paste the SAML 2.0 Endpoint (HTTP) value you copied from OneLogin.
  4. In the Issuer field, paste the Issuer URL value you copied from OneLogin.
  5. In the Public certificate field, paste the X.509 Certificate value you copied from OneLogin.
Please note: All users will be logged out and receive a notification email once you enable SAML. Administrators can still log in with a password if SAML ever disconnects.

Test your SAML connection by pressing "Test SAML."

If there is an error with your SAML settings, Spoke will highlight the field in red to show that it needs to be repaired before you can proceed with enabling SAML.
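A pre-paste sanity check for the three copied values, as an added example (not code from Spoke or OneLogin): it flags non-HTTPS URLs and a certificate that was cut short on the clipboard, and prints a SHA-256 fingerprint you can compare against the certificate details shown by your identity provider. It assumes the certificate is copied as base64 text, with or without BEGIN/END lines; the function names, the URLs and the sample certificate bytes are constructed placeholders.

```python
import base64, binascii, hashlib, textwrap
from urllib.parse import urlsplit

def url_problems(label, value):
    """Problems with a copied IdP URL (SAML 2.0 Endpoint or Issuer URL)."""
    parts = urlsplit(value.strip())
    found = []
    if parts.scheme != "https":
        found.append(f"{label}: scheme is {parts.scheme or 'missing'}, expected https")
    if not parts.hostname:
        found.append(f"{label}: no host name")
    return found

def cert_der(pasted):
    """Decode a pasted certificate; raise ValueError if it was cut short or mangled."""
    lines = [l.strip() for l in pasted.strip().splitlines() if l.strip()]
    if any(l.startswith("-----") for l in lines):
        if lines[0] != "-----BEGIN CERTIFICATE-----" or lines[-1] != "-----END CERTIFICATE-----":
            raise ValueError("BEGIN/END CERTIFICATE lines are incomplete")
        lines = lines[1:-1]
    try:
        der = base64.b64decode("".join(lines), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64: {exc}") from exc
    # A certificate is one DER SEQUENCE (tag 0x30); its encoded length must
    # account for every byte, otherwise the paste lost or gained data.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        raise ValueError("DER length does not match the data: truncated paste?")
    return der

def sha256_fingerprint(der):
    """Colon-separated SHA-256 fingerprint, for comparison with the IdP's display."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed sample data: a 260-byte DER-shaped placeholder, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n{}\n-----END CERTIFICATE-----\n".format(
    "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64)))

if __name__ == "__main__":
    print(url_problems("Sign on URL", "http://idp.example.com/saml2/sso"))
    print(sha256_fingerprint(cert_der(SAMPLE_PEM)))
```

The length check only confirms the pasted text is intact; it does not validate the certificate's contents or expiry.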
