Skip to main content

SSO - Configuring OneLogin for Maze

Sean Kinney
  • Updated
This article refers to Maze's legacy SSO configuration. For information about the new SSO feature, please refer to the following article: Setting up SSO for your team

Overview

Maze offers SSO as a feature for Enterprise customers who require their team members to log into Maze using their own identity provider. At present, we support Okta and OneLogin using OpenID Connect specifically. This document will walk you through how to configure OneLogin and the steps you'll need to take after you've configured OneLogin to enable Maze Support to finish your SSO setup.

Setting up OneLogin

To get started, you will need to add the generic OpenID Connect app to OneLogin and then configure it for Maze:

  1. Log into OneLogin as an administrator and click Applications in the top navbar

    onelogin_sso_01.png
  2. Click Add App and search for "OpenID"

    onelogin_sso_02.png
  3. Click on the "OpenID Connect" app published by OneLogin
  4. Title your app "Maze" and add the rectangular and square logos that you'll find attached, then click Save to add the new app

    onelogin_sso_03.png

  5. After you've created the app, you'll still need to configure it by clicking into the Configuration option in the left sidebar and then adding the following values and replacing TEAM_IDENTIFIER with the identifier you've been directed to use by Maze Support:

    Login Url
    https://maze.design/login-sso/TEAM_IDENTIFIER
    Redirect URI's
    https://sl-api.maze.design/auth/sso/TEAM_IDENTIFIER/callback https://sl-api.maze.design/auth/sso/onelogin/callback

    onelogin_sso_04.png

  6. Click into the SSO option in the left sidebar and note the following details:

    • Client ID
    • Client Secret

    onelogin_sso_05.png

  7. While still in the SSO tab, change the "Authentication Method" under "Token Endpoint" to "POST" and make sure that "Application Type" is "Web" as shown below:

    onelogin_sso_06.png

After this, complete the installation the way you would any other application in OneLogin by assigning the application to authorized users. However, your users will not be able to access your Maze instance via SSO until you work with Maze Support to finish your SSO setup.

Completing your SSO Setup

Once you've completed the application installation and configuration steps in the preceding section, an owner or admin on your Enterprise team will need to contact Maze Support to request SSO setup be complete and will need to provide the following details:

  • Client ID
  • Client Secret
  • TEAM_IDENTIFIER (if you used something besides what you were directed to use)

Because these are used to generate SSO authentication requests, they are sensitive information. As a result, we would suggest you share them with Maze Support using https://onetimesecret.com/ or a similar trusted solution rather than including these values as plain text in your support ticket.

Once Maze Support receives these details, we will finalize your SSO setup on this end and then work with you on migrating any users that may need to be migrated to SSO.

Related articles