Connect Meisterplan with OneLogin to use Single Sign-On (SSO) via SAML 2.0.
- Adding Meisterplan as an App in OneLogin
- Entering Identity Provider Data in Meisterplan
- Adding Users in OneLogin
- Adding Users in Meisterplan
- Logging in to Meisterplan via OneLogin
Adding Meisterplan as an App in OneLogin
First, add Meisterplan as a new app in OneLogin and enter the service provider data provided by Meisterplan into OneLogin.
- Add a new app as described in the OneLogin documentation, selecting a SCIM Provisioner with SAML (SCIM v2 Core) app by OneLogin Inc. You can deactivate the Visible in portal option as it's not supported with Meisterplan.
- In Meisterplan, go to Manage > Users > Configure > SAML to get the Service Provider Login Response URL:
- In the Configuration tab in OneLogin, paste the URL in the SAML Audience URL and SAML Consumer fields:
- In the API Connection section, enter either https://api.us.meisterplan.com/scim/v2 or https://api.eu.meisterplan.com/scim/v2, depending on where your Meisterplan system is hosted:
- Complete the remaining steps to add an app as described in the OneLogin documentation.
Entering Identity Provider Data in Meisterplan
Now you can enter the identity provider data from OneLogin in Meisterplan.
- In OneLogin, switch to the SSO tab. Copy the X.509 Certificate (open it by clicking View Details) as well as the Issuer URL, SAML 2.0 Endpoint (HTTP), and SLO Endpoint (HTTP) values.
- In Meisterplan, paste the values under Manage > Users > Configure > SAML:
Map the fields as follows:
| Field in OneLogin | Field in Meisterplan |
| --- | --- |
| Issuer URL | Identity Provider Entity ID |
| SAML 2.0 Endpoint (HTTP) | SSO URL |
| SLO Endpoint (HTTP) | SLO URL |
| X.509 Certificate | Identity Provider X.509 Certificate |
- Click Save Configuration to finish the configuration.
Adding Users in OneLogin
In OneLogin, assign the desired users to the Meisterplan app. If you would like to auto-provision users from OneLogin into Meisterplan, make sure the desired users have been added in OneLogin under Users > Applications. Here, you can assign users to the corresponding user groups in Meisterplan.
Adding Users in Meisterplan
All users logging in to Meisterplan via OneLogin will need to create corresponding user accounts in Meisterplan. You can add users automatically with auto-provisioning, or manually.
Adding Users in Meisterplan with Auto-Provisioning (Premium)
To add users in Meisterplan via auto-provisioning in OneLogin, go to Applications > Configuration. As the SCIM Base URL, enter either https://api.us.meisterplan.com/scim/v2 or https://api.eu.meisterplan.com/scim/v2, depending on where your Meisterplan system is hosted:
Adjust the SCIM JSON Template. The Meisterplan SCIM endpoint doesn't support "formatted" as a sub-attribute of "name". It will also require an email address. The extra attributes of the enterprise user schema, including "title" and "urn:scim:schemas:extension:enterprise:1.0" and its sub-attributes, are not supported.
To activate auto-provisioning, select Enable.
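The template adjustments described above can be checked before you enable provisioning. The following is an added example, not code from Meisterplan or OneLogin: the sample template and its `{$...}` placeholders are constructed for illustration, and matching the enterprise extension by prefix (rather than only the 1.0 URN named above) is an assumption.

```python
import json

# Attribute names come from the page; the prefix match on the enterprise
# extension (the page names ...:enterprise:1.0) is an assumption of this example.
ENTERPRISE_PREFIX = "urn:scim:schemas:extension:enterprise"

# Constructed sample template; the {$...} placeholders are illustrative only.
SAMPLE_TEMPLATE = """{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User",
              "urn:scim:schemas:extension:enterprise:1.0"],
  "userName": "{$parameters.scimusername}",
  "name": {"givenName": "{$user.firstname}",
           "familyName": "{$user.lastname}",
           "formatted": "{$user.display_name}"},
  "emails": [{"value": "{$user.email}", "type": "work", "primary": true}],
  "title": "{$user.title}",
  "urn:scim:schemas:extension:enterprise:1.0": {"department": "{$user.department}"}
}"""


def adjust_template(raw):
    """Return (adjusted_template, removed_paths) for a SCIM JSON template."""
    doc = json.loads(raw)
    removed = []
    # "formatted" is not supported as a sub-attribute of "name".
    if isinstance(doc.get("name"), dict) and "formatted" in doc["name"]:
        del doc["name"]["formatted"]
        removed.append("name.formatted")
    # "title" and the enterprise extension block are not supported.
    for key in list(doc):
        if key == "title" or key.startswith(ENTERPRISE_PREFIX):
            del doc[key]
            removed.append(key)
    # Assumption: also stop declaring a schema whose attributes were removed.
    if isinstance(doc.get("schemas"), list):
        doc["schemas"] = [s for s in doc["schemas"]
                          if not str(s).startswith(ENTERPRISE_PREFIX)]
    # An email address is required: fail here rather than at provisioning time.
    emails = doc.get("emails") or []
    if not any(isinstance(e, dict) and e.get("value") for e in emails):
        raise ValueError("template has no emails[].value; an email is required")
    return doc, removed


if __name__ == "__main__":
    adjusted, removed = adjust_template(SAMPLE_TEMPLATE)
    print("removed:", removed)
    print(json.dumps(adjusted, indent=2))
```

Removing attributes the endpoint does not accept also keeps the provisioning payload limited to the identity data Meisterplan actually uses.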
Adding Users in Meisterplan Manually
You can add users manually in Meisterplan as follows.
Users are added in Meisterplan under Manage > Users, and user rights are configured under Manage > User Groups. For more details on user management in Meisterplan, see the articles Manage Users and Manage User Groups.
Logging in to Meisterplan via OneLogin
Easy Login via OneLogin Dashboard
Log in to Meisterplan by clicking on the Meisterplan app in the OneLogin App Start. This is called "Identity Provider Initiated SSO".
Login via the Meisterplan Login Page
You can also log in using the login page https://us.meisterplan.com/<yoursystem>. This will require your OneLogin credentials. If a user is logged in, they will be redirected to Meisterplan. This is called "Service Provider initiated SSO".
You can set the login type in OneLogin under Configuration. Under SAML initiator, select the option Service Provider.
No further settings are needed. You do not need to fill in the field Login URL. Please note that with this setting, you can only log in via the Meisterplan login page and no longer via the OneLogin app start.
For additional details on logging in via SSO, see the article Login.