Integrating with Onelogin

Onelogin doesn't provide automatic setup of SAML applications by uploading the Service Provider metadata. This tutorial guides you through the necessary steps to get Instana integrated with Onelogin as a SAML app.

Prerequisites

After SAML is activated for a tenant, you have no other way to log in to Instana. The SAML configuration can be deleted through the API by using a token with enough permissions.

  • You require administrator privileges in Onelogin.
  • Open the SAML configuration page in Instana. You need to copy and paste some values between this page and Onelogin. (See Option 2: Manual Setup in the dialog.)

Creating the SAML app in Onelogin

Go to the application perspective in Onelogin by selecting it from the menu bar, and then click Add App.

Search for SAML and select SAML Test Connector (IdP w/ attr w/sign response).

After you select the template, you are prompted with a screen where you can enter the name of your application. You can choose any name or image, since these values have no impact on the actual SAML login flow. After you select a name or image, click Configuration to start the actual SAML configuration.

This screen contains all the fields that are required to interact with Instana. Copy the values from the Instana SAML configuration page into the corresponding fields, and then click Save.

Yes, the .* in the ACS (Consumer) URL Validator is required.

After you save everything, you now have an Instana SAML application in Onelogin. Next, you must transfer the IdP-Metadata from Onelogin to Instana.

To transfer the IdP-Metadata from Onelogin to Instana, select the More Actions dropdown and select SAML metadata. Store the downloaded file and upload it in the Instana SAML configuration page.

Adding Users to Instana

With SAML enabled, SAML login is now the only way for your users to access Instana. To give users access, the SAML app must be assigned to them. Use your regular flow to associate an app with a user so they get access.

Make sure that every user has an associated email address.

Each new user can receive the default role during their first login.