Skip to main content
OneLogin provides a guided SAML Test Connector or custom SAML application template you can tailor for Planasonix. You need OneLogin admin rights and organization admin access in Planasonix.

Planasonix values

From Settings → Security → SSO, copy:
  • ACS URL (Recipient / Consumer URL in OneLogin terminology)
  • Entity ID (Issuer / Audience for the service provider)
Keep these available while you edit the OneLogin connector.

Create the SAML connector

1

Add a new application

In the OneLogin admin portal, go to Applications → Applications → Add App. Search for SAML Test Connector (Advanced) or a Generic SAML template your organization standardizes on, then add it.
2

Rename and assign

Set the display name to Planasonix (or your standard). Optionally upload a logo. Save the application shell before detailed SAML configuration.
3

Configure SAML parameters

Open the app → Configuration (or SSO depending on template). Set:
  • ACS (Consumer) URL: Planasonix ACS URL
  • Audience (EntityID): Planasonix Entity ID
  • Recipient and Consumer URL fields, if separate: match ACS URL unless OneLogin documentation for your template says otherwise
Set SAML name ID format to Email when Planasonix expects email-based Name IDs.
4

Signer and algorithm settings

Under SSO or Credentials, choose SAML Signature Element (assertion, response, or both) per your security policy. Use SHA-256 for signatures unless an older integration explicitly requires SHA-1.

Parameter configuration

OneLogin exposes Parameters that map user fields to SAML assertion attributes.
OneLogin valueSAML attribute name (example)
EmailEmail / User.email → export as email if required by Planasonix
First NameFirstName
Last NameLastName
Enable Include in SAML assertion for each parameter Planasonix lists as required.
Template field names differ between SAML Test Connector versions. If a field is missing, check the SSO tab and Parameters tab together; some ACS settings live only under Configuration.

SSO and issuer URLs for Planasonix

Under More Actions → SAML Metadata, download metadata XML for Planasonix. Alternatively, copy:
  • SAML 2.0 Endpoint (HTTP) — SSO URL for manual entry
  • Issuer URL — entity ID for the IdP
  • X.509 Certificate — signing cert
Paste or upload these in Planasonix Settings → Security → SSO.
Use OneLogin Mappings or Roles to control which users see the Planasonix app tile. That reduces help-desk noise from users who should not access the workspace yet.

Certificate rotation

When you renew the OneLogin signing certificate, download fresh metadata and update Planasonix before the previous certificate expires. Run a pilot login after upload.
If you change the ACS URL or Entity ID in OneLogin without updating Planasonix (or the reverse), users see IdP-initiated flows fail with opaque SAML errors. Treat SP values as read-only from the Planasonix console.

SSO overview

Enforcing SSO and handling JIT provisioning.

Session policy

Session length and IP constraints after OneLogin login.