This guide provides step-by-step instructions for configuring Single Sign-On (SSO) between OneLogin and your FMX application using SAML 2.0.

Important: This document covers SSO configuration only. OneLogin user provisioning and directory synchronization are managed separately within OneLogin.


Overview

  • Identity Provider (IdP): OneLogin
  • Service Provider (SP): FMX
  • Protocol: SAML 2.0

Once configured, users will be able to access FMX using their OneLogin credentials.


Prerequisites

Before you begin, ensure the following:

  • You have administrator access to OneLogin
  • SAML SSO is enabled for your FMX tenant
  • You know your FMX hostname (for example: https://hostname.gofmx.com)
  • Users who will access FMX already exist in FMX and OneLogin

FMX SAML Configuration Values

Use the following FMX values when configuring the OneLogin SAML application:

  • Audience / Entity ID:
    https://hostname.gofmx.com/
  • Assertion Consumer Service (ACS) / Reply URL:
    https://hostname.gofmx.com/login/saml2/callback
  • Recipient URL:
    https://hostname.gofmx.com/login/saml2/callback

Step 1: Create a SAML Application in OneLogin

  1. Log in to the OneLogin Admin Portal
  2. Navigate to Applications > Add App
  3. Search for SAML Test Connector or select Custom SAML App
  4. Click Save to create the new SAML application

Step 2: Configure SAML Settings in OneLogin

When configuring the SAML application, enter the FMX values listed above.

Required Settings

  • Entity ID / Audience:
    https://hostname.gofmx.com/
  • ACS / Reply URL:
    https://hostname.gofmx.com/login/saml2/callback
  • Recipient URL:
    https://hostname.gofmx.com/login/saml2/callback
  • SAML Response: Signed
  • Assertion: Signed (recommended)

NameID Configuration

  • NameID Format: Email Address
  • NameID Value: User Email

This ensures FMX can uniquely identify users by email address.


Step 3: Configure User Attributes (Claims)

FMX requires the user’s email address and recommends sending first and last name attributes.

Required Attribute

  • email → User Email

Recommended Attributes

  • firstName → User First Name
  • lastName → User Last Name

Attribute names may vary based on your OneLogin environment.


Step 4: Obtain OneLogin IdP Metadata URL

After saving the SAML application, copy the IdP Metadata URL from OneLogin. This URL is all FMX needs to complete the SSO setup.


Step 5: Configure SSO in FMX

Provide the IdP Metadata URL to FMX (or FMX Support). Once this is configured, FMX will enable SAML SSO for your tenant.


Step 6: Assign Users in OneLogin

Ensure users are entitled to the FMX application in OneLogin. Only entitled users will be able to log in via SSO.


Step 7: Test the SSO Configuration

We recommend testing with a small group of users before full deployment.

Test Options

  • IdP-initiated login: Launch FMX from the OneLogin portal
  • SP-initiated login: Log in from the FMX login page using the SSO option

If login fails, verify:

  • Entity ID and ACS URL in OneLogin match the FMX values exactly
  • Users are entitled to the application
  • The correct IdP Metadata URL is used

Troubleshooting Tips

  • Invalid Audience error: Confirm the Entity ID matches FMX exactly
  • User not found: Ensure the email in OneLogin matches the FMX user email
  • Signature validation errors: Verify the IdP Metadata URL is correct
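
To check a failed login against the values in this guide, the following added example (not FMX or OneLogin code) inspects a captured SAML response. It assumes you have copied the base64 SAMLResponse form value that the browser posts to the ACS URL; check_response and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(b64_response, host):
    """List mismatches between a captured SAMLResponse and this guide's FMX values.
    Diagnostic only: it checks that ds:Signature is present, it does not verify it."""
    entity_id, acs = f"https://{host}/", f"https://{host}/login/saml2/callback"
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} != ACS URL {acs!r}")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion (missing or encrypted)"]
    audiences = [e.text for e in assertion.iterfind(".//a:Audience", NS)]
    if entity_id not in audiences:  # exact string match, trailing slash included
        problems.append(f"Audience {audiences!r} does not contain {entity_id!r}")
    recipients = [e.get("Recipient") for e in assertion.iterfind(".//a:SubjectConfirmationData", NS)]
    if acs not in recipients:
        problems.append(f"Recipient {recipients!r} does not contain {acs!r}")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID is missing or its Format is not emailAddress")
    # 'email' is the attribute name from Step 3; it may differ in your environment.
    if assertion.find(".//a:Attribute[@Name='email']", NS) is None:
        problems.append("no 'email' attribute in the assertion")
    for label, node in (("Response", root), ("Assertion", assertion)):
        if node.find("ds:Signature", NS) is None:
            problems.append(f"{label} carries no ds:Signature element")
    return problems

# Constructed sample, not a real OneLogin response: Audience lacks the trailing slash.
SAMPLE = base64.b64encode(b"""<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://hostname.gofmx.com/login/saml2/callback"><ds:Signature/>
<a:Assertion><ds:Signature/><a:Subject>
<a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">pat@example.com</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData
 Recipient="https://hostname.gofmx.com/login/saml2/callback"/></a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>https://hostname.gofmx.com</a:Audience>
</a:AudienceRestriction></a:Conditions><a:AttributeStatement><a:Attribute Name="email">
<a:AttributeValue>pat@example.com</a:AttributeValue></a:Attribute></a:AttributeStatement>
</a:Assertion></p:Response>""")

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE, "hostname.gofmx.com")))
```

An empty result means the response agrees with the values configured in Step 2 and Step 3; signature validity itself is still decided by FMX against the IdP metadata.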

Need Help?

If you need assistance completing your OneLogin SSO setup, contact FMX Support and include:

  • Your FMX tenant URL
  • OneLogin IdP Metadata URL
  • Any error messages or screenshots

Once complete, users will be able to securely access FMX using OneLogin Single Sign-On.
