BrowserStack SSO with OneLogin | SAML

Integrate your OneLogin directory with BrowserStack to set up Single Sign-on

Introduction

Single Sign-on integrates an external user directory with your BrowserStack Group. This document describes how to configure Single Sign-on when OneLogin is your identity provider.

Prerequisites

To set-up and use OneLogin & BrowserStack Single Sign-on (SSO) feature:

  • You need to have an Enterprise plan with BrowserStack.
  • You need to have administrator access on your organization’s Okta instance.
  • By default, a user account with Owner permissions can setup SSO on BrowserStack.
Note: If required, Owner can also allow SSO setup access to one of the Admin(s). Learn more

Supported Features

The OneLogin & BrowserStack Single Sign-on integration currently supports the following features:

Feature Description
SP-initiated SSO: This option gives organization end users the ability to sign in using BrowserStack Login page and then sends an authorization request to the Identity Provider. Once the IdP authenticates the user identity, the user is logged into BrowserStack.
IdP-initiated SSO: With this option, the end users of organization must log into the Identity Provider’s SSO page and then click on BrowserStack application icon to log into and open BrowserStack.

Configuration Steps

A. SSO Setup Page

  1. Sign-In to BrowserStack account as Owner.

  2. Go to Account -> Settings & Permissions page and select the Security tab. Go to Account and click on Settings & Permissions and select the Security tab. Under Single Sign On (SSO), click Configure

B. Initiate the set-up on BrowserStack

  1. Under Single Sign On (SSO), click Configure.

  2. On the next screen, you will be shown all the Authentication services that BrowserStack supports, select SAML 2.0, and click Next. SSO Select SAML Authentication Service

  3. Choose OneLogin as Identity Providers, and click Next. Initial setup with one login

  4. Copy the IDP initiated the ACS URL IDP initiated ACS URL

C. Setting Up BrowserStack App on OneLogin

  1. Find BrowserStack under Add New Applications BrowserStack under Add New Applications

  2. Give it a connector name, and save

  3. Go to the Configuration tab

  4. Paste the IDP initiated the ACS URL in the IdP initiated ACS URL field Enter IdP initiated ACS URL inside SSO setup

  5. Save

  6. Go to the SSO tab in OneLogin. Copy the following for the next steps on BrowserStack
    a. Copy the SAML 2.0 Endpoint
    b. Copy the SLO Endpoint (HTTP)
    OneLogin SLO http endpoint c. Click on View details under X.509 Certificate tag to copy certificate
    X.509 Certificate

D. Saving your Configuration on BrowserStack

  1. Paste copied configuration
    a. SAML 2.0 URL in SAML 2.0 Endpoint (HTTP)
    b. SLO Endpoint (HTTP) to SLO Endpoint
    c. Certificate in the Public Certificate field
    Configuration setup for OneLogin d. Click Next

  2. Select update profile option as per choice Update profile option in SSO Settings

Test & Enable

A. Test the integration via Test Setup

  1. Click Test Setup to test the integration. Test Setup

  2. You will be prompted towards Service Provider flow and your user will be authenticated via OneLogin. The test is successful upon completion of the SSO Authentication flow.

  3. Upon a successful test, you can enable the Single Sign-on feature for your Organization.
    a. You have the option of sending out a mail to all Group members on BrowserStack, to inform them about this change, and link to the new login URL.
    b. Click Enable to enable the feature. Click on Enable button to enable Single Sign-on feature

B. Your SSO connection has been enabled

You will automatically be logged out of BrowserStack, and redirected to log-in via SSO.

Note: You will need to assign the Group Owner’s email address on BrowserStack’s OneLogin app before you can test and enable it.

Troubleshooting

Error while testing (Type 1)

The user saved the configuration of the connection on the other application. Please make sure that the correct configuration is saved on OneLogin app.

Save correct configuration on OneLogin app

User Mismatch

User logged in on Onelogin and BrowserStack is different. Please make sure that you are using the same email to login on BrowserStack as well as OneLogin.

Email Id on browserstack and OneLogin should be same

Internal Error

In case of this error, please connect with us via support@browserstack.com.

If there is an issue with the verification process, try after sometime and contact support if problem still persists

Misconfigured ACS URL

Screenshot for misconfigured URL

Note:
  1. User provisioning: Integrate OneLogin via SCIM to manage users. To configure, visit documentation.
  2. Please connect with support@browserstack.com for any escalations or support.

We're sorry to hear that. Please share your feedback so we can do better







Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked






Thank you for your valuable feedback

Is this page helping you?

Yes
No

We're sorry to hear that. Please share your feedback so we can do better







Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked






Thank you for your valuable feedback!

Talk to an Expert
Talk to an Expert