Configure and Provision SAML SSO with OneLogin
Who can use this feature?
🔒 Users on the Figma Organization Plan
👤 Only Organization Admins can configure SAML SSO
👤 You will need to have an existing OneLogin account
Learn more about SAML SSO in our Getting Started with SAML SSO article.
Figma supports both Identity Provider and Service Provider initiated SAML. Our integration with OneLogin supports both Authentication and Provisioning for SAML.
To configure SAML SSO with OneLogin:
- Add Figma to OneLogin
- Configure SAML SSO in Figma
- Configure SAML SSO in OneLogin
- Set up Automatic Provisioning via SCIM
Add Figma to OneLogin
First, you'll need to add the Figma App to your OneLogin account.
- Log in to your OneLogin account and go the Administration section.
- Head over to the Apps page and select Add Apps.
- Search for "Figma" in the Find apps field.
- On the Info tab, click Save to add the app to your Company Apps.
- You will then be able to access the additional configuration settings. Click on the SSO tab:
- Copy the contents of the Issuer URL field:
Configure SAML SSO in Figma
Next you'll need to set up SAML SSO in Figma.
- Open the Admin Console:
Click on the Organization’s name in the File Browser and go to the Settings tab.
- In the General tab, find the Log in and Provisioning section.
- Click the Update Log In Settings link.
- Click the Configure SAML button at the bottom of the SAML SSO section.
- Select Okta from the options.
- Enter the IdP Metadata IRL you got from Okta. Click Review.
- Check the box to confirm This information is correct... and click Configure SAML SSO.
- Click the Copy link next to your Tenant ID. You'll need this to complete the set up process in Okta.
Configure SAML SSO in OneLogin
Once you've received your confirmation and Tenant ID, you can complete the configuration process in OneLogin.
- Go back to the Figma App in OneLogin (Administration > Apps > Figma)
- Go to the Configuration Tab for the Figma app:
- Enter the Tenant ID that you copied from Figma.
- Click SAVE to complete the process.
Set up Automatic Provisioning via SCIM
To set up Automatic Provisioning you will need to:
We recommend having both of these windows open at the same time, to make that process easier.
Generate an API Token in Figma
- In Figma, click on your Organization and go to the Settings tab.
- On the General page click the Update Log in Settings link.
- In the SCIM Provisioning section, click Generate API Token.
- Copy the API Token value.
Configure Automatic Provisioning in OneLogin
You'll need your API Token from Figma
- Open the Figma app in OneLogin.
- Go to the Configuration Tab for the Figma app.
- Under API connection, enter your API token in the SCIM Bearer Token field.
- Click ENABLE.
- Go to the Provisioning tab and check the box next to Enable Provisioning.
- Select which provisioning actions you want to require administrator approval for. You can choose to enable this for:
- Create User
- Delete User
- Update User
- Decide the appropriate action for When user accounts are suspended in OneLogin..
Add Custom Attributes
Some Figma attributes are mapped to OneLogin attributes by default:
Other SCIM Enterprise User attributes are optional. You will need to add these as custom user fields if you want to include them in your provisioning:
To create a custom field in OneLogin:
- Login to your OneLogin account.
- Go to Users > Custom User Fields in the main menu:
- Complete the New User Field inputs.
- Click SAVE to apply your changes.