Configuring SAML with OneLogin

1. Create a SAML app in OneLogin

  1. Go to https://mycompany.onelogin.com/apps/find (replace “mycompany” with your company’s OneLogin ID).
  2. Select “SAML Test Connector (SP)” and click “Save”.
  3. Under the “Configuration” tab, set the following properties (replacing https://sourcegraph.example.com with your Sourcegraph URL):
  4. Under the “Parameters” tab, ensure the following parameters exist:
    • Email (NameID): Email
    • DisplayName: First Name (Include in SAML Assertion: ✓)
    • login: AD user name (Include in SAML Assertion: ✓)
  5. Save the app in OneLogin.
  6. Find the Issuer URL in the OneLogin app configuration page, under the “SSO” tab, under “Issuer URL”. It should look something like https://mycompany.onelogin.com/saml/metadata/123456 or https://app.onelogin.com/saml/metadata/123456. Record this for the next section.

2. Add the SAML auth provider to the Sourcegraph site config

Add a SAML auth provider with identityProviderMetadataURL set to the Issuer URL recorded from the previous section. Here is an example:

{
 // ...
 "externalURL": "https://sourcegraph.example.com",
 "auth.providers": [
   {
     "type": "saml",
     "configID": "onelogin",
     "identityProviderMetadataURL": "<issuer URL>"
   }
 ]
}
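
A pre-save check for the configuration above, added here as an example (not Sourcegraph's or OneLogin's code): it parses the site config, flags a leftover "<issuer URL>" placeholder, and requires HTTPS for both URLs, because the IdP signing certificate is taken from whatever the metadata URL returns. The function names and the Issuer URL pattern (generalised from the two sample URLs on this page) are assumptions.

```python
import json
import re
from urllib.parse import urlparse

# Matches a JSON string (kept) or a // line comment (dropped), so the "//"
# inside "https://..." values is never mistaken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
# Assumption: Issuer URLs follow the two shapes shown on this page.
_ISSUER = re.compile(r"^https://[a-z0-9-]+\.onelogin\.com/saml/metadata/[A-Za-z0-9-]+$")

def load_jsonc(text):
    """Parse JSON that may contain // comments, as the site config does."""
    return json.loads(_TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else "", text))

def check_saml_config(text):
    """Return a list of problems found in a site config; empty means none found."""
    cfg = load_jsonc(text)
    problems = []
    ext = urlparse(cfg.get("externalURL", ""))
    if ext.scheme != "https" or not ext.netloc:
        problems.append("externalURL must be an absolute https URL")
    saml = [p for p in cfg.get("auth.providers", []) if p.get("type") == "saml"]
    if not saml:
        problems.append("no auth provider with type 'saml'")
    for p in saml:
        name = p.get("configID", "<no configID>")
        url = p.get("identityProviderMetadataURL", "")
        if not url or "<" in url:
            problems.append(f"{name}: identityProviderMetadataURL is unset or still a placeholder")
        elif not _ISSUER.match(url):
            problems.append(f"{name}: identityProviderMetadataURL is not an https OneLogin Issuer URL")
    return problems

# Constructed inputs: the page's example as written, then with a sample Issuer URL filled in.
PAGE_EXAMPLE = """{
 // ...
 "externalURL": "https://sourcegraph.example.com",
 "auth.providers": [
   {
     "type": "saml",
     "configID": "onelogin",
     "identityProviderMetadataURL": "<issuer URL>"
   }
 ]
}"""
FILLED = PAGE_EXAMPLE.replace("<issuer URL>", "https://mycompany.onelogin.com/saml/metadata/123456")

if __name__ == "__main__":
    print(check_saml_config(PAGE_EXAMPLE), check_saml_config(FILLED))
```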