Putting Lumos Behind OneLogin

After this article...

You'll have Lumos behind OneLogin SAML and can restrict who can log in! 🔒

Steps

1. Contact Lumos for OneLogin SAML configuration values.

Contact the Lumos support team via Slack or email (support@lumos.com) to obtain the required configuration URLs for your OneLogin custom SAML app.

You'll need the following:

• ACS URL

2. Log into OneLogin, go to the admin dashboard, and select “Applications” in the navigation bar.

3. Create a custom SAML application for Lumos

Follow the steps here to create a custom SAML app in OneLogin.

A Lumos logo is provided below if you would like to add this to the app in OneLogin (recommended).

4. Configure the SAML app fields in OneLogin.

Guidance on the app configuration fields for OneLogin is below.

ACS URL Validator

Take the ACS URL provided by Lumos and create a URL in the format below, replacing the alphanumeric string at the end of the example below with the string from the URL provided to you by Lumos. Make sure you keep the "$" sign at the end!

^https:\/\/auth\.workos\.com\/sso\/saml\/acs\/waasdfasdfadvasda$

ACS URL

Provided by Lumos in step 1 above.

Login URL

Use https://app.lumosidentity.com/login

SAML Initiator

Choose "Service Provider".

SAML Signature Element

Choose "Assertion".

5. Configure attribute mappings

Use the table below to copy + paste the following attribute mappings in OneLogin.

6. Send Metadata File to Lumos Support

Select “SSO” from the left-hand navigation.

Select the More Actions dropdown, then click on SAML Metadata. This will download an XML metadata file. Please send this to Lumos support.

7. Assign users to the application in OneLogin

Follow the instructions here to assign users to the OneLogin Lumos application.

8. Get confirmation from Lumos support that everything is ready!

Once Lumos has confirmed that you're set up via SSO, make sure that you can log into Lumos from the OneLogin tile or from the Lumos login page and you should be good to go! 🚀