Configure and Provision OneLogin SAML SSO for your Organization
If you're using OneLogin, then you can configure your Figma Organization to allow users to login to their account using their OneLogin credentials.
This also allows you to control who has access to your Figma account, and manage your user accounts in one place, directly in OneLogin.
In this article, we'll take you through the steps required to get SAML SSO set up with OneLogin:
Learn more about SAML SSO in our Getting Started with SAML SSO article.
Add the Figma App to OneLogin
First, you'll need to add the Figma App to your OneLogin account.
- Log in to your OneLogin account.
- Go to the Administration section.
- Go to the Apps page and select Add Apps.
- Search for "Figma" in the Find apps field.
- On the Info tab, click Save to add the app to your Company Apps.
- You will then be able to access the additional configuration settings. Go to the SSO tab:
- Copy the contents of the Issuer URL field:
Enable OneLogin in Figma
Next, you will need to set up the OneLogin integration in Figma.
- Open the Admin Console in your Figma Organization:
- From the General page, find the Sign in and Provisioning section. Click the Update Sign in Settings link:
- From the Authentication and Provisioning page, you can set your Authentication preference. Before you can select SAML SSO from the options, you will need to Configure SAML. Click the Configure SAML button at the bottom of the SAML SSO section:
- In the Configure SAML SSO modal, select OneLogin from the Identity Provider(Idp) section.
- In the IdP Metadata URL field, enter your Issuer URL from OneLogin. Click Review.
- You'll be prompted to review and confirm the details are correct. This is the only time you will be able to make changes to your OneLogin details, without having to contact customer support. Check the box to confirm This information is correct...
- Click Configure SAML SSO to complete the setup process
- You will now see a confirmation of your OneLogin SAML SSO Configuration in the SAML SSO section. Click the Copy link next to your Tenant ID. You will need this during the set up process in OneLogin:
Note: If you plan to use SCIM with OneLogin, you’ll also want to click Generate API token at the bottom of this page and save this token for configuration in OneLogin.
Configure the OneLogin Application
- Go back to the Figma App in OneLogin (Administration > Apps > Figma)
- Go to the Configuration Tab for the Figma app:
- Enter the Tenant ID that you copied from Figma.
- Click SAVE complete the process.
If you would like to configure SCIM, you will need to generate an API Token in Figma.
- Open the Figma app in OneLogin.
- Go to the Configuration Tab for the Figma app.
- Under API connection, enter your API token in the SCIM Bearer Token field.
- Click ENABLE to complete the process.
- Open the Figma app in OneLogin.
- Go to the Provisioning tab in the Figma app.
- Check the box next to Enable Provisioning
- Select which provisioning actions you want to require administrator approval for. You can choose to enable this for:
- Create User
- Delete User
- Update User
- Decide the appropriate action for When user accounts are suspended in OneLogin..
Adding Custom Attributes
Some Figma attributes are mapped to OneLogin attributes by default. You won't need to re-configure these:
- First Name
- Last Name
- SCIM Username
Other SCIM Enterprise User attributes are optional. You will need to add these as custom user fields if you want to include them in your provisioning:
Adding Custom User Fields
To create a Custom Field in OneLogin:
- Login to your OneLogin account.
- Go to Users > Custom User Fields in the main menu:
- Complete the New User Field inputs.
- Click SAVE to apply your changes.