OneLogin integrations

Available in Classic and VPC

This section describes how to integrate OneLogin, a user authentication and access permissions management solution, with a NAVER Cloud Platform account. Users within the organization can log into the NAVER Cloud Platform console with the OneLogin account being used and utilize the services within the granted permissions.

The sequence of integrating NAVER Cloud Platform accounts and OneLogin accounts is as follows:

1. Download metadata from OneLogin.
2. Register external IdP information from NAVER Cloud Platform.
3. Configure OneLogin authentication.
4. Configure NAVER Cloud Platform authentication.
5. Verify integrations.

1. Download metadata from OneLogin

When registering external IdP information in the Ncloud Single Sign-On service, OneLogin metadata is required. This section describes how to download OneLogin metadata.

To download metadata from OneLogin:

Access OneLogin and click Applications > Applications at the top of the interface.
Click the [Add App].
Enter "SAML Custom Connector (Advanced)" in the search component and click the search result.
Enter a name in Display Name and click the [Save].
Click the Configuration menu on the left side of the interface.
On the top right of the interface, click More Actions > SAML Metadata.
Confirm the file downloaded to the user's PC.

2. Register external IdP information from NAVER Cloud Platform

To register OneLogin metadata in the Ncloud Single Sign-On service:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
In the Tenant menu, click [Register external IdP].
In the Metadata item, paste the metadata information downloaded from 1. Download metadata from OneLogin, then click the [Save].
- The sub-information will be entered automatically.
Click the [Register].

3. Configure OneLogin authentication

This section describes how to enter external IdP metadata information and user profiles obtained from the NAVER Cloud Platform console into OneLogin.

Note

When mapping user profiles, there are methods to manually enter the profile and to set it to receive information from IdP during login. This guide is based on how to receive information from IdP during login.

Enter SAML information

To enter SAML information in OneLogin:

After accessing OneLogin, click Applications > SAML Custom Connector (Advanced).
Click the Configuration menu on the left side of the interface.
Enter as follows:
- Audience: The Issuer URL information copied in Copy SAML integration information.
- Recipient: Enter the Assertion Consumer Service (ACS) URL information copied from Copy SAML integration information.
- ACS URL Validator: Enter the Assertion Consumer Service (ACS) URL information in Copy SAML integration information.
- ACS URL: Enter the Assertion Consumer Service (ACS) URL information copied from Copy SAML integration information.
- Login URL: The Login URL copied in Copy SAML integration information.
- SAML Initiator: Select Service Provider.
Once you enter the mandatory information, click the [Save] located at the top right of the interface.

Copy SAML integration information

To integrate Ncloud Single Sign-On and IdP, you need the Assertion Consumer Service (ACS) URL information, which is the endpoint to receive the SAML response from IdP, and the Issuer URL information to identify the IdP.
To confirm the ACS URL and Issuer URL of NAVER Cloud Platform:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Copy the following information from the External IdP Metadata component in the Tenant menu:
- Assertion Consumer Service (ACS) URL
- Issuer URL
- Login URL

Configure attribute mapping

To map user profiles of OneLogin with the Ncloud Single Sign-On service, this defines the user property information to be forwarded from OneLogin to NAVER Cloud Platform.

Note

This guide describes the user property information primarily used in authentication, which are FirstName, LastName, and Email.

To define user property information in OneLogin:

Click the Parameters menu on the right side of the interface in OneLogin.
Click the [+] button in the SAML Custom Connector (Advanced) field component.
Enter "FirstName" in Field Name, then click the [Save].
- The entered field name will be used during user profile mapping in the Ncloud Single Sign-On service.
Click the Value dropdown button and select the value to map to FirstName, then click the [Save].
Register LastName in the same manner.

Add OneLogin user

To add a user in OneLogin:

Click the Users > Users menu at the top of the interface.
Click the New User at the upper right of the interface.
Enter the First name, Last name, Email, and Username information of the user to be added, then click the [Save User].
To set the password for the created user, click More Actions > Change Password.

Assign application to user

To assign an application to OneLogin users:

Click the Users > Users menu at the top of the interface.
Click the user to whom the application will be assigned.
Click the Applications menu on the left side of the interface.
Click the [+] button in the Applications component.
Select the application to connect to, and then click the [Continue].
Check the information, and then click the [Save].

4. Configure NAVER Cloud Platform authentication

This section describes how to register the OneLogin account to be integrated with NAVER Cloud Platform console and then map user profiles.

Add SSO user

You need to create an SSO user in the Ncloud Single Sign-On service using the email information of the user created in the Add OneLogin user step.
To add an SSO user in the Ncloud Single Sign-On service:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click External IdP login > Users > [Create user].
Enter the email address of the user created in Add OneLogin users, then click the [Create].

Note

For more information about how to create an SSO user in Ncloud Single Sign-On, see Users.

Configure attribute mapper in NAVER Cloud Platform

To link the user property information set in OneLogin to the user property information of Ncloud Single Sign-On service:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Click the Tenant menu.
Click the [Attribute mapper].
When the attribute mapper interface appears, enter the registered content in Configure attribute mapping in External IdP parameter.
In sync mode, set the user profile update method.
- None: Do not update user profile.
- Import: Update user profiles only at first login.
- Force: Update the user profile at every login.
Click the [Save].

5. Verify integrations

To verify if the OneLogin account and the NAVER Cloud Platform account are integrated:

From the NAVER Cloud Platform console, navigate to > Services > Management & Governance > Ncloud Single Sign-On.
Copy the Login URL from the Tenant menu, then access the URL.
- The SSO role switch interface appears.
Click the [Console access] or [API access] on the SSO role switch interface.
- Depending on the access type set for the logged-in SSO user, the [Console access] or [API Gateway access] button appears.
Click Services > Management & Governance > Ncloud Single Sign-On > External IdP login > User.
Click the [Profile] tab in the details of the logged-in SSO user, then check if the user profile has been updated.