Configuring OneLogin SSO

Before proceeding with the configuration of Google SSO, please ensure that you read our SSO Best Practices Guide.

1. Login to your Gatekeeper account as an administrator.
2. Navigate to Settings > Configuration > Authentication:

configuration-1

3. Select Configure OneLogin, then click Save:


4. You are now on the OneLogin Single Sign-On configuration page. Copy the Gatekeeper Tenant ID and the Gatekeeper Instance (as pictured below) to your text editor. You will be needing this information when configuring Gatekeeper within the OneLogin admin portal.

one1

5. Open a new tab from within your web browser and navigate to the OneLogin admin portal.
6. Log in to the OneLogin admin portal and go to Apps > Add Apps.
7. Search for Gatekeeper and select it.

8. Go to the Configuration tab and select your gatekeeper instance and then enter your Gatekeeper Tenant ID.

How to find your Gatekeeper instance and Tenant ID:
i. Login to Gatekeeper
ii. Copy the URL from your browser's address bar and then paste into notepad
iii. In this case apac is the Gatekeeper instance and 2065 is the Tenant ID.

https://staging.gatekeeperhq.com/2026/executive-dashboard

 

onelogin

9. Click Save.

10. On the Parameters tab, confirm your credential settings and user attribute mappings.

11. Go to the SSO tab to copy the SAML metadata that you must provide to the app provider to complete the integration.

saml-1

Gatekeeper requires:

  • SAML 2.0 Endpoint (HTTP) URL: The OneLogin URL that provides data about OneLogin as a SAML-providing IdP. The OneLogin Application ID for Gatekeeper is all that is required from this field. The Application ID can be found at the end of the 2.0 Endpoint URL, as seen below. In this case the Application ID starts with 89, quite often you will need to scroll to the right to see the full number.

 

saml id

 

 

  • SAML Issuer URL: The OneLogin URL that provides data about OneLogin as a SAML-providing IdP. The OneLogin Issuer ID for Gatekeeper is all that is required from this field. The Issuer ID can be found at the end of the Issuer URL, as seen below. In this case the Issuer ID is 131956b5-d950-4 quite often you will need to scroll to the right to see the full number.

 

issuer

 

  • X.509 Certificate: the Public certificate that establishes trust between OneLogin and Gatekeeper.

To copy the X.509 certificate, click View Details and click the Copy to Clipboard icon for the X.509 Certificate. If you want a different certificate, click Change on the SSO tab, select the new certificate, and follow the above instructions. You must include the entire certificate, including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE------ when you provide it to Gatekeeper.

12. Return to your browser tab with the Gatekeeper OneLogin Single Sign-On configuration page.
13. Copy the Application ID, Issuer ID and X.509 Certificate data from your text editor (Step 11) and then paste in the appropriate field.

onelog2-1

 

14. Click Create.
15. Done!

Test the SAML connection (OneLogin SSO)

  1. Select Allow all authentication methods, then click Save:

2. Ensure that you have matching user accounts in Gatekeeper and OneLogin (the OneLogin email address or username is identical to the app username). You can create a test user, or you can use your own account.

3. Make sure you are logged out of Gatekeeper.

4. Log in to OneLogin as an admin and give the test user access to the app in OneLogin. (See below).

In OneLogin under Gatekeeper app administration, go to the Access tab to assign the OneLogin roles that should have access to the app and provide any app security policy that you want to apply to the app.

You can also go to Users > All Users to add Gatekeeper to individual user accounts, and return to this app configuration page to complete SSO configuration.

4. Log in to OneLogin as the test user.
5. Click the app icon on the OneLogin dashboard. If you are able to access the app, then SAML works.

Login to Gatekeeper with OneLogin

  1. Go to https://gatekeeperhq.com/users/sign_in and click SIGN IN WITH ONELOGIN:

2. Type in your email address, then click FIND ACCOUNT:

downloads.intercomcdn.comio453301794f24ea48dc1f5f9

3. Enter your OneLogin credentials and click Log In.

downloads.intercomcdn.comio453302179f55f1681d18892

4. You are now logged into your Gatekeeper account.

Restrict Access to just (OneLogin SSO)

Now you have successfully tested OneLogin SSO, you can restrict access to only use OneLogin SSO

1. Login to your Gatekeeper account as an administrator.
2. Navigate to Settings > Customisations > Authentication
3. Select Require OneLogin Single Sign On (SSO), then click Save:

That's it, now the only access to Gatekeeper is using OneLogin SSO.

If you have any issues, please contact Gatekeeper support.

Note. Access to the Employee Portal and Supplier Portal remain via username and password when SSO authentication is set.