Skip to main content

BrowserStack SSO with OneLogin | SAML

Integrate your OneLogin directory with BrowserStack to set up Single Sign-on


Single Sign-on integrates an external user directory with your BrowserStack Group. This document describes how to configure Single Sign-on when OneLogin is your identity provider.


To set-up and use OneLogin & BrowserStack Single Sign-on (SSO) feature:

  • You need to have an Enterprise plan with BrowserStack.
  • You need to have administrator access on your organization’s Okta instance.
  • By default, a user account with Owner permissions can setup SSO on BrowserStack.
Note: If required, Owner can also allow SSO setup access to one of the Admin(s). Learn more

Supported Features

The OneLogin & BrowserStack Single Sign-on integration currently supports the following features:

Feature Description
SP-initiated SSO: This option gives organization end users the ability to sign in using BrowserStack Login page and then sends an authorization request to the Identity Provider. Once the IdP authenticates the user identity, the user is logged into BrowserStack.
IdP-initiated SSO: With this option, the end users of organization must log into the Identity Provider’s SSO page and then click on BrowserStack application icon to log into and open BrowserStack.

Configuration Steps

A. SSO Setup Page

  1. Sign-In to BrowserStack account as Owner.

  2. Go to Account > Security and select Authentication from the side-nav menu. Configure SSO Step 1

B. Initiate the set-up on BrowserStack

  1. Under Single Sign On (SSO), click Configure.

  2. On the next screen, you will be shown all the Authentication services that BrowserStack supports, select SAML 2.0, and click Next. SSO Select SAML Authentication Service

  3. Choose OneLogin as Identity Providers, and click Next. Initial setup with one login

  4. Copy the IDP initiated the ACS URL IDP initiated ACS URL

C. Setting Up BrowserStack App on OneLogin

  1. Find BrowserStack under Add New Applications BrowserStack under Add New Applications

  2. Give it a connector name, and save

  3. Go to the Configuration tab

  4. Paste the IDP initiated the ACS URL in the IdP initiated ACS URL field Enter IdP initiated ACS URL inside SSO setup

  5. Save

  6. Go to the SSO tab in OneLogin. Copy the following for the next steps on BrowserStack
    a. Copy the SAML 2.0 Endpoint
    b. Copy the SLO Endpoint (HTTP)
    OneLogin SLO http endpoint c. Click on View details under X.509 Certificate tag to copy certificate
    X.509 Certificate

D. Saving your Configuration on BrowserStack

  1. Paste copied configuration
    a. SAML 2.0 URL in SAML 2.0 Endpoint (HTTP)
    b. SLO Endpoint (HTTP) to SLO Endpoint
    c. Certificate in the Public Certificate field
    Configuration setup for OneLogin d. Click Next

  2. Click Next to proceed to the Advanced options section. Here, you will be able to configure your SSO settings as either Required or Optional. This allows you to choose the level of SSO enforcement that suits your organization’s needs.

    • Required (default): Choose this option if you want to ensure that your team members must sign in to BrowserStack using SSO. Their BrowserStack credentials will no longer work. However, owners can still sign in using either of their SSO or BrowserStack credentials.

    • Optional: Opt for this setting if flexibility is your priority. With SSO configured as Optional, your team members can sign in using either their SSO or BrowserStack credentials. Additionally, you can choose to extend this flexbility only to some team members. Simply specify domains of members to exclude from Optional setting and all users from those domains will be required to login using SSO only. Advanced SSO settings

Test & Enable

A. Test the integration via Test Setup

  1. Click Test Setup to test the integration. Test Setup

  2. You will be prompted towards Service Provider flow and your user will be authenticated via OneLogin. The test is successful upon completion of the SSO Authentication flow.

  3. Upon a successful test, you can enable the Single Sign-on feature for your Organization.
    a. You have the option of sending out a mail to all Group members on BrowserStack, to inform them about this change, and link to the new login URL.
    b. Click Enable to enable the feature. Click on Enable button to enable Single Sign-on feature

B. Your SSO connection has been enabled

You will automatically be logged out of BrowserStack, and redirected to log-in via SSO.

Note: You will need to assign the Group Owner’s email address on BrowserStack’s OneLogin app before you can test and enable it.


Error while testing (Type 1)

The user saved the configuration of the connection on the other application. Please make sure that the correct configuration is saved on OneLogin app.

Save correct configuration on OneLogin app

User Mismatch

User logged in on Onelogin and BrowserStack is different. Please make sure that you are using the same email to login on BrowserStack as well as OneLogin.

Email Id on browserstack and OneLogin should be same

Internal Error

In case of this error, please connect with us via

If there is an issue with the verification process, try after sometime and contact support if problem still persists

Misconfigured ACS URL

Screenshot for misconfigured URL

  1. User provisioning: Integrate OneLogin via SCIM to manage users. To configure, visit documentation.
  2. Please connect with for any escalations or support.

We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked

Thank you for your valuable feedback

Is this page helping you?


We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked

Thank you for your valuable feedback!

Talk to an Expert
Download Copy