Skip to main content
Procore

Configure SP-Initiated SSO for OneLogin

Objective

To configure Procore's SP-initiated SSO for OneLogin. 

Background

To assist you with understanding the terms discussed below, here are some definitions:

  • Identity Provider (IdP). This is the service that verifies the identity of your end users (e.g., Okta, OneLogin, or Azure AD).
  • Issuer URL (Entity ID). A unique string that identifies the provider issuing a SAML request. 
  • SAML. Short for Security Assertion Markup Language.
  • Service Provider (SP). Procore
  • Target URL. The IdP URL that will receive SAML requests from Procore.
  • x509 Certificate. This is an encrypted digital certificate that contains the required values that allow the SSO service to verify the identities of your users.

If your company wants to configure Single Sign-On with OneLogin, you can leverage one of Procore's supported SSO solutions:

  • Identity Provider Initiated (IdP-initiated) SSO. With this option, your end users must log into your Identity Provider's SSO page (e.g., OneLogin) and then click an icon to log into and open the Procore web application. To configure this solution, see Configure IdP-Initiated SSO for OneLogin.
    OR
  • Service Provider Initiated (SP-initiated) SSO. Referred to as Procore-initiated SSO, this option gives your end users the ability to sign into the Procore Login page and then sends an authorization request to the IdP. Once the IdP authenticates the user's identify, the user is logged into Procore. To configure this solution, see the Steps below. 

Things to Consider

  • Required Permissions:
    • Administrator permission to OneLogin.
      AND
    • 'Admin' level permissions to Procore's Company level Admin tool.
  • Prerequisites:
  • Supported Authentication Protocol:
    • Security Assertion Markup Language (SAML 2.0) 
  • Additional Information:
    • Procore-initiated SSO supports both single domain and multiple domain sign in. After completing the steps below, you must provide your SSO domain(s) to your company's Procore point of contact. This information will added to Procore as a final configuration step before you test your SSO configuration. 

Steps

Complete these steps:

Step 1: Add the Procore App to OneLogin

  1. Log in to your organization's OneLogin portal as an Administrator.

    one-login-procore.gif
     
  2. Choose Apps > Add Apps
    This reveals the Find Applications page. 
  3. At the Find Applications page, type: Procore
    The Procore app will appear.
  4. Click the Procore app. 
    This reveals the Configuration page. 
  5. Verify the following:
    • Display Name. Verify that the entry reads "Procore". 
    • Visible in Portal. A GREEN checkmark should appear. 
    • Rectangular Icon. The Procore logo should appear. 
    • Square Icon. The Procore icon should appear. 
    • Description. This is not a required field. Enter data only if you want to. 
  6. At the top-right, click Save.
    A green banner appears to confirm that the app was successfully added.

Step 2: Configure Procore with the SSO Settings from OneLogin

  1. In the new app's page in OneLogin, click the SSO tab.
    This tab provides you with access to all of OneLogin's SSO Settings. Later, you will add the settings that you copy on this page to Procore's Company Admin tool. 
  2. In the X.509 Certificate box, click View Details.
    This opens a page showing all the certificate details. 
  3. In the top-right corner of the X.509 Certificate box, click Copy to Clipboard.
    This copies the X.509 certificate to your web browser's clipboard.
    Important! When using the OneLogin website, you might want to paste the items you copy into a Notepad document, to ensure that the Copy to Clipboard command worked as expected. When the copy command is successful, the browser will display a 'Copied' tooltip like the one illustrated below. If the copy command does NOT work in your browser version, simply place your mouse cursor in the text field the copy all the text (e.g., press CTRL+C in Windows or CMD+C on a Mac). 

    onelogin-copy-x509.gif
     
  4. Format the Certificate
    1. Open a new browser tab. Then visit this link:
      https://www.samltool.com/format_x509cert.php
      This opens the Format an X509 Certificate page, which is owned by OneLogin. 

      onelogin-copy-cert.gif
       
    2. Paste the X.509 certificate that you copied into the X.509 Cert field.
    3. Click the Format X.509 Certificate button. 
      The OneLogin tool automatically formats the certificate in two ways -- with the header or with the string.  
    4. Scroll to X.509 Cert in String Format box at the bottom of the page. Then choose one of the options to copy the certificate information:
      • Click the Copy to Clipboard icon in the top-right corner of the X.509 Cert In String Format box. 
        OR
      • Select all of the text in the X.509 Cert In String Format box. Then right-click and choose Copy from the shortcut menu.
    5. Leave the Format an X509 Certificate page open.
      You will need to copy some information in this page when performing next configuration step in the Procore for web application.

Step 3: Add the OneLogin Settings to Procore's Company Level Admin Tool

  1. Leave the Format an X509 Certificate page page open as described in the previous step. 
  2. Log into Procore using your Procore Administrator account.
  3. Navigate to the Company level Admin tool.
    This reveals the Company Settings page.
  4. Under Administrative Settings, click Single Sign On Configuration
    This opens the Single Sign On Configuration page. Leave this window open.
  5. In Procore, scroll to the bottom of the page and click Save Changes
  6. Paste the information from OneLogin into Procore as follows:
                                                                                                                                      
    Copy this information from OneLogin… Paste it into this field in Procore…
    X.509 Cert in String Format
    This should still be in your clipboard memory. 
    Single Sign On x509 Certificate
    Paste the certificate in the string format into this field.
    Issuer URL
    Copy the Issuer URL from the SSO tab for the Procore app in OneLogin.

    Single Sign On Issuer URL

    Paste the Issuer URL into this field.

    SAML 2.0 Endpoint (HTTP)
    Copy the SAML 2.0 Endpoint (HTTP) from the SSO tab for the Procore app.

    Single Sign On Target Url

    Paste the SAML 2.0 Endpoint (HTTP) into this field.

  7. In Procore, scroll to the bottom of the page and click Save Changes
    This saves your SSO configuration.
  8. Contact your Procore point of contact. Before you can test your SSO configuration, a final configuration step must be performed by Procore.  

 

After the last configuration step is completed by Procore, you can add the app for your users. To learn how to manage users in OneLogin, read Managing Users on the OneLogin Help Center. 

See Also 

  • Was this article helpful?