Knowledge Base

Documentation to help you use the POEditor localization platform effectively

OneLogin Single Sign-On (SSO)

Owner

SAML-based Single Sign-On can be used only with POEditor organizations that have a paid plan.

To set up SAML-based SSO login for a POEditor organization using the OneLogin identity provider, you can follow the steps in this article.

Get started by going to Organization Settings > Organization > Single Sign-On and entering the password for your personal POEditor account.

What you need to set up in OneLogin

In the OneLogin app, you will need to:

1) Create an app (custom connector) for POEditor. Navigate to the Administration panel, go to the Applications section, click on Add App and then search for SAML Custom Connector (Advanced).

Create SAML Custom Connector in OneLogin Admin panel

Give your custom connector a name (this is mandatory), fill in the other details for the connector (optional), and hit Save.

Create custom connector in OneLogin

2) Configure the custom connector. In the Configuration section of your newly created custom connector, you will need to fill in the following fields:

  • Audience (EntityID) with the Entity ID in POEditor
  • ACS (Consumer) URL Validator with the ACS URL in POEditor, written as a regular expression: escape every forward slash with a backslash (\), mark the start of the URL with ^ and the end of the URL with $. Dots are escaped the same way, as the example shows.
    Example: if your ACS URL is https://poeditor.com/identities/sso_response/ACME, your ACS (Consumer) URL Validator will be ^https:\/\/poeditor\.com\/identities\/sso_response\/ACME$
  • ACS (Consumer) URL with the ACS URL in POEditor
  • Login URL with the Sign in URL in POEditor (which you will receive at the final step when setting up SSO for your organization).

Configure custom SAML connector in OneLogin
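
Why the validator is anchored and escaped, as an added example (not POEditor's or OneLogin's code): the Python sketch below builds the validator from the ACS URL in the form shown above and compares it with two looser variants against constructed URLs. It assumes the validator is applied as an unanchored regular-expression search; acs_validator, accepted and audit are hypothetical helper names.

```python
import re

# Regex metacharacters, plus "/" which the article's validator form also escapes.
META = set(r".^$*+?()[]{}|\/")

def acs_validator(acs_url, anchored=True, escaped=True):
    """Build a validator pattern; the defaults give the form the article shows."""
    body = "".join("\\" + c if c in META else c for c in acs_url) if escaped else acs_url
    return "^" + body + "$" if anchored else body

def accepted(pattern, urls):
    """Return the URLs that an unanchored regex search with `pattern` accepts."""
    return [u for u in urls if re.search(pattern, u)]

ACS = "https://poeditor.com/identities/sso_response/ACME"  # ACS URL from the article

# Constructed check URLs: only the first one should ever be accepted.
CANDIDATES = [
    ACS,
    ACS + "/extra",                                        # rejected only with "$"
    "https://example.test/?next=" + ACS,                   # rejected only with "^"
    "https://poeditorXcom/identities/sso_response/ACME",   # rejected only with "\."
]

def audit():
    """Map each validator variant to the candidate URLs it lets through."""
    return {
        "strict": accepted(acs_validator(ACS), CANDIDATES),
        "no_anchors": accepted(acs_validator(ACS, anchored=False), CANDIDATES),
        "unescaped_dot": accepted(acs_validator(ACS, escaped=False), CANDIDATES),
    }

if __name__ == "__main__":
    print(acs_validator(ACS))
    for name, urls in audit().items():
        print(name, "->", urls)
```

Only the strict form limits SAML responses to the exact POEditor ACS URL; each looser variant accepts at least one URL that is not the configured endpoint.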

3) Set up the parameters for your custom connector. In the Parameters section, you can set up the required custom parameters. The POEditor localization platform has the following attribute mapping:

  • email (for the user's email)
  • firstName (for the user's first name)
  • lastName (for the user's last name)
  • userID (for the user's identifier) - corresponds to Username in OneLogin
  • teams (for user groups) - corresponds to MemberOf in OneLogin

OneLogin parameters - POEditor localization platform

What you need to set up in POEditor

In POEditor, you will need to add:

1) a Default Team, which is the POEditor team where the users from your identity provider will be added, unless you already have them grouped in your IdP and send them as such to our platform, in which case each group will create a team in POEditor.
2) the SAML File Content (the content of the SAML file from your identity provider), which is the SAML Metadata that you download from the app you created in OneLogin.

SAML Metadata in OneLogin app

Once everything is properly set up in both the POEditor localization platform and the OneLogin IdP, the users added to your IdP can log in to POEditor using the Sign in URL.

You can restrict access to your organization's assets for users without SSO if you enable the Require SSO option in the Organization Settings.
