Configuring Deep Freeze Cloud for SSO using OneLogin
Posted by Adam Zilliax on 25 November 2020 03:35 PM

Overview

This document will detail the process to configure the Deep Freeze Cloud so that users can log into the Deep Freeze Cloud site using credentials from OneLogin as an identity provider.

Requirements

This document assumes that the person configuring Deep Freeze Cloud is familiar with OneLogin and has already configured the appropriate user credentials in their environment and that they have signed up for a Deep Freeze Cloud Account.

Process

  1. Login to the OneLogin Console
  2. Click on Administration
  3. Click on Applications
  4. Click on Add App
  5. Under Search enter SAML and select “SAML Test Connector (Advanced)”
  6. Specify Display name and click Save
  7. Under More Actions click on SAML MetaData to download MetaData
  8. Go to Deep Freeze Cloud Console
  9. Under User Management select SAML Integration
  10. Under Identity Provider Setup select Upload IdP Metadata, using Browse pick the file downloaded in step #7 and click on Next
  11. Under Attribute Mapping keep default settings to use email unless some other custom attribute is configured under OneLogin console. In this case select “Use Custom Attribute instead of NameID for uniquely identifying a user.” and provide a custom attribute.
  12. Under Settings enter the Login Domain which will be used to login to Cloud Console and specify User Roles which will be assigned on the first login.

    By default Administrator role is assigned to the user. Users will have access to all sites under the Organization (this could be changed later under the User Management to desired). Click Save
  13. Under the Service Provider Configuration tab click on Copy for Audience URL
  14. Switch to OneLogin console, under Configuration insert copied link into Audience (EntityID)
  15. Go back to Deep Freeze Cloud Console and copy the link from Assertion Consumer Url
  16. Switch to OneLogin Console and insert the same copied link under three following places:
    Recipient
    ACS (Consumer) URL Validator*
    ACS (Consumer) URL*