Configuring SAML with One Login

1. Create a SAML app in OneLogin

1. Go to https://mycompany.onelogin.com/apps/find (replace "mycompany" with your company's OneLogin ID).
2. Select "SAML Test Connector (SP)" and click "Save".
3. Under the "Configuration" tab, set the following properties (replacing https://sourcegraph.example.com with your Sourcegraph URL):
   • Audience: https://sourcegraph.example.com/.auth/saml/metadata
   • Recipient: https://sourcegraph.example.com/.auth/saml/acs
   • ACS (Consumer) URL Validator: https://sourcegraph\\.example\\.com\\/\\.auth\\/saml\\/acs
     (This is regular expression that matches the URL https://sourcegraph.example.com/.auth/saml/acs)
   • ACS (Consumer) URL: https://sourcegraph.example.com/.auth/saml/acs
4. Under the "Parameters" tab, ensure the following parameters exist:
   
   • Email (NameID): Email
   • DisplayName: First Name Include in SAML Assertion: ✓
   • login: AD user name Include in SAML Assertion: ✓
5. Save the app in OneLogin.
6. Find the Issuer URL in the OneLogin app configuration page, under the "SSO" tab, under "Issuer URL". It should look something like https://mycompany.onelogin.com/saml/metadata/123456 or https://app.onelogin.com/saml/metadata/123456. Record this for the next section.

2. Add the SAMl auth provider to Sourcegraph site config

Add a SAML auth provider with identityProviderMetadataURL set to the Issuer URL recorded from the previous section. Here is an example:

{
 // ...
 "externalURL": "https://sourcegraph.example.com",
 "auth.providers": [
   {
     "type": "saml",
     "configID": "onelogin",
     "identityProviderMetadataURL": "<issuer URL>"
   }
 ]
}