Avi Vantage Integration with OneLogin

Starting with release 18.2.2, an Avi virtual service can act as a service provider (SP), which is the basis of Avi's support for Security Assertion Markup Language (SAML). In this role, the Avi virtual service sends authentication requests to an identity provider (IDP), and the IDP's responses govern user access to back-end applications running in Avi pools. Avi Networks has implemented multiple third-party integrations to give customers a choice of IDP. This article outlines the steps necessary to enable OneLogin as the IDP.

Avi as SP and OneLogin as IDP

OneLogin as IDP

  1. Log in to OneLogin with admin access on a developer account and click on Add apps.

  2. Search for SAML in the search tab.

  3. For this guide, we have selected the SAML Test Connector (IDP w/ attr w/ sign response).

  4. After you select this option, the following screen appears.

    OneLogin configuration step

  5. Click on Save.

  6. Open the app again; click on Configuration and add the details as shown below.

    • Audience should be the same as the Entity ID on Avi.
    • ACS (Consumer) URL* should be the same as the SSO URL on Avi.

    OneLogin configuration step

  7. Click on Save. On the next screen, you can continue with the default parameters or add new ones.

    OneLogin configuration step

  8. Click on Next on the Rules screen.

  9. On the SSO tab, you can change the certificate from SHA1 to SHA2, if required. Click on Save.

    OneLogin configuration step

  10. The next three tabs — Access, Users, and Policies — are for assigning the apps to the users and providing the required permissions. Click on Save.

This completes the configuration on the IDP.
To download the IDP metadata, click on More Actions and select SAML Metadata.

OneLogin configuration step
This completes the process of creating an application on OneLogin.
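
The values set in steps 6 and 9 can be checked against a SAML response from a test login. The script below is an added example, not part of the Avi or OneLogin documentation. It assumes you have captured and base64-decoded a response yourself, and that the SHA1/SHA2 choice in step 9 appears as the SignatureMethod and DigestMethod algorithm URIs. The URLs are constructed placeholders, and the script does not verify the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# XML-DSig algorithm URIs that are SHA-1 based
SHA1_ALGS = {NS["ds"] + s for s in ("rsa-sha1", "dsa-sha1", "sha1")}

def check_response(xml_text, entity_id, sso_url):
    """Compare a decoded SAML response with the SP values; return findings."""
    root = ET.fromstring(xml_text)
    findings = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        findings.append(f"Audience {audiences} lacks Entity ID {entity_id!r}")
    # SAML compares URLs as exact strings, so a trailing slash matters
    urls = [root.get("Destination")]
    urls += [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    for url in urls:
        if url != sso_url:
            findings.append(f"ACS URL {url!r} differs from SSO URL {sso_url!r}")
    algs = [e.get("Algorithm") for tag in ("SignatureMethod", "DigestMethod")
            for e in root.iterfind(f".//ds:{tag}", NS)]
    if not algs:
        findings.append("response carries no ds:Signature")
    findings += [f"SHA-1 algorithm in signature: {a}" for a in algs if a in SHA1_ALGS]
    return findings

def sample_response(audience, acs_url, sig_alg, digest_alg):
    """Constructed response skeleton (no real signature value or certificate)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
      xmlns:ds="{NS['ds']}" Destination="{acs_url}">
     <ds:Signature><ds:SignedInfo>
       <ds:SignatureMethod Algorithm="{sig_alg}"/>
       <ds:Reference><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
     </ds:SignedInfo></ds:Signature>
     <saml:Assertion><saml:Subject><saml:SubjectConfirmation>
       <saml:SubjectConfirmationData Recipient="{acs_url}"/>
     </saml:SubjectConfirmation></saml:Subject>
     <saml:Conditions><saml:AudienceRestriction>
       <saml:Audience>{audience}</saml:Audience>
     </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
    </samlp:Response>"""

if __name__ == "__main__":
    # Constructed placeholder values, not taken from a real Avi or OneLogin setup
    eid, sso = "https://vs.example.com/sso/entity", "https://vs.example.com/sso/acs/"
    weak = sample_response(eid, sso.rstrip("/"), NS["ds"] + "rsa-sha1", NS["ds"] + "sha1")
    for finding in check_response(weak, eid, sso):
        print(finding)
```

An empty result means the Audience, ACS URL and signature algorithms in the response line up with the Entity ID and SSO URL configured on Avi.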

Once configuration is complete on OneLogin, configure an Avi virtual service to act as service provider by following the instructions given in the SAML Configuration on Avi Vantage article.

Suggested Reading

Configuring SAML Authentication with Workspace One for Avi Controller