Zoomed Image
USA
800 691 9120
UK
01225 704844

SSO with OneLogin

xAssets Configuration Guide
Single Sign On

SSO with OneLogin

This page provides step-by-step instructions for configuring OneLogin as the single sign-on provider for xAssets. The integration uses PKCE (Proof Key for Code Exchange) authentication, so a client secret is not required.

Prerequisites

  • A OneLogin account with administrator access
  • Configuration-level access to xAssets
  • The SSOADMIN account created and in the Admins group (see SSO Introduction and Setup)

Step 1: Add the OIDC Application in OneLogin

  1. Log in to the OneLogin admin console
  2. Navigate to Applications > Add App
  3. Search for and select OpenId Connect (OIDC)

Screenshot

  1. In the application configuration, add the redirect URL:
https://mycompanyname.hosted.xassets.net/a.aspx

Replace mycompanyname with your actual xAssets instance name.

OneLogin OIDC redirect URL configuration

Step 2: Configure the SSO Settings

  1. Navigate to the SSO tab of the application
  2. Set the following values:
Setting Value
Application Type Web
Token Endpoint None (PKCE)

Screenshot

  1. Note the Client ID from this tab -- you will need it for the xAssets credential pack

Screenshot

Step 3: Assign Users

  1. Navigate to the Users tab of the application
  2. Add the OneLogin users who should be allowed to log in to xAssets

OneLogin users tab

  1. Ensure each user has OpenID scope permissions:

Screenshot

Important: Users who are not assigned to the application in OneLogin will be unable to log in to xAssets, even if they have valid OneLogin credentials.

Step 4: Create a Credential Pack in xAssets

  1. Navigate to Discover > Prepare > Credentials (or Settings > Credentials)
  2. Click Create Credentials
  3. Configure the credential pack as follows:
Field Value
Pack Name ONELOGIN-SSO
Domain Your OneLogin domain (e.g., xassets-dev.onelogin.com)
Username The Client ID from the SSO tab (Step 2)
Password Any random value (not used with PKCE, but must not be blank)

Screenshot

  1. Save the credential pack

Step 5: Set the Authentication Type

  1. Navigate to Admin > Settings
  2. Set the AUTHENTICATIONID to the OneLogin option
  3. Ensure the AUTHENTICATIONSCRIPT points to the Authentication.xsc script (this should be set automatically)

Step 6: Test the Login

  1. Open a new private/incognito browser window
  2. Navigate to your xAssets URL
  3. You should be redirected to the OneLogin login page
  4. After successful authentication, you should be returned to xAssets and logged in

If the login fails, see Troubleshooting. To bypass SSO for troubleshooting, add ?logondirect=direct to your xAssets URL.