• HOME
  • INTEGRATIONS
  • SDKS
  • GUIDES
  • API DOCS
No results for ""
EXPAND ALL
CLOSE
launchdarkly.com

EDIT ON GITHUB

OneLogin

Read time: 2 minutes
Last edited: Feb 12, 2020

Overview

This topic explains how to connect OneLogin to LaunchDarkly.

After you complete these procedures, you can use OneLogin to manage your LaunchDarkly users, including configuring their roles and access.

Adding a LaunchDarkly SAML Application

To add a LaunchDarkly SAML application to OneLogin:

  1. Log in to OneLogin.
  2. Navigate to Applications.
  3. Click the Add App button.

The Administration screen of OneLogin.
The Administration screen of OneLogin.

  1. Search for LaunchDarkly. The pre-configured app templates for LaunchDarkly appear.
  2. Choose the SAML 2.0, provisioning version of the LaunchDarkly app.

The LaunchDarkly search results.
The LaunchDarkly search results.

SAML 2.0 is required
Choose the SAML 2.0, provisioning app from the list of LaunchDarkly apps. If you choose another app, it will not work.

Configuring LaunchDarkly's Security Settings

To enable SAML with OneLogin, you must configure the LaunchDarkly's security settings as well as the information OneLogin has about LaunchDarkly.

To configure LaunchDarkly's security settings for SAML:

  1. Open LaunchDarkly's Security page.
  2. Click Edit SAML Configuration. The Edit your SAML configuration screen opens.
  3. Enter configuration information from OneLogin in the appropriate fields.
  4. Copy the Assertion customer service URL to a secure place. You need it in order to configure OneLogin.

The SAML configuration screen.
The SAML configuration screen.

Configuring your LaunchDarkly app in OneLogin

In the SSO section of your LaunchDarkly application in OneLogin, you'll find the required values for the Sign-on URL as well as your X.509 certificate. You will need to input OneLogin's SAML 2.0 Endpoint (HTTP) value to the Sign-on URL field:

  1. Log in to OneLogin.
  2. Click Applications > Applications.
  3. Choose the LaunchDarkly app from the list of apps.
  4. Navigate to the SSO section of your LaunchDarkly OneLogin application.
  5. Copy OneLogin's SAML 2.0 Endpoint (HTTP) value to a secure place.
  6. Open LaunchDarkly in a separate tab. You need information from OneLogin to finish configuration.

The SSO section of LaunchDarkly.
The SSO section of LaunchDarkly.

Configuring the LaunchDarkly App in OneLogin

In this procedure, you will connect LaunchDarkly to OneLogin.

  1. Log in to OneLogin.
  2. Navigate to the Configuration section.
  3. Enter the assertion customer service URL you saved from the previous procedure in the Consumer URL field.

The OneLogin Configuration screen.
The OneLogin Configuration screen.

This connects LaunchDarkly to OneLogin.

Adding Users and Setting Roles in OneLogin

Now that you have the LaunchDarkly application configured in OneLogin, all that remains is to add user access to the LaunchDarkly app.

Now that you have the LaunchDarkly application configured in OneLogin, all that remains is to add user access to the LaunchDarkly app.

  1. Log in to OneLogin.
  2. Navigate to the User directory.
  3. Click on the profile of the user you would like to add to LaunchDarkly.
  4. Click on that user's Applications section.
  5. Click the + in the top right corner.
  6. Choose LaunchDarkly from the list. The Edit Login menu opens.

The Applications section.
The Applications section.

  1. (Optional) Configure the lastName and firstName fields with user information.

The Edit Login screen.
The Edit Login screen.

  1. Enter role information for the user. The three supported roles are:
  • reader
  • writer
  • admin
  1. (Optional) If you are using a custom role, enter the custom role key in the customRole field. If a user has multiple custom roles, add them by entering the role keys for each role, separated by commas.
Enter All of a User's Roles
When you are configuring a user, you must enter the complete list of the user's roles, including the roles already present in LaunchDarkly. This list overrides what is in LaunchDarkly. It does not append to an existing list in LaunchDarkly. If you make any changes to the user's name or roles within OneLogin, they update the next time the user accesses LaunchDarkly through the OneLogin portal.
  1. Click Save.

Now this user can access the LaunchDarkly app through OneLogin.

If this is a new user who has never accessed LaunchDarkly before, an account will be automatically created for them when they log in through the OneLogin portal.

User Provisioning with SCIM

You can also configure OneLogin to provision users with LaunchDarkly's SCIM API.

Administrator Permissions and SSO are Required
You must be a LaunchDarkly administrator or account owner to complete this procedure. In addition, you must have already enabled SSO by following the procedure above.
  1. Log in to OneLogin.
  2. Access the LaunchDarkly app.
  3. Click Configuration.

The Configuration tab.
The Configuration tab.

  1. Click Authenticate in the API Connection section. The LaunchDarkly OAuth workflow begins.
  2. Click the LaunchDarkly (SCIM Test) link. The LaunchDarkly OAuth authorization appears.
  3. Click Authorize to allow OneLogin to manage your users.

The LaunchDarkly OAuth permissions screen.
The LaunchDarkly OAuth permissions screen.

  1. In OneLogin, navigate to the Provisioning tab.
  2. Confirm that the Enable Provisioning box is checked in the Workflow section.
  3. Click Save.

The Provisioning screen.
The Provisioning screen.

That's it! You have successfully connected OneLogin with LaunchDarkly.