OneLogin OpenID Setup

OneLogin OpenID Setup


Overview

This guide will show how to setup an OpenID login on Matillion ETL using OneLogin credentials through the User Configuration window. This includes acquiring credentials from OneLogin, setting up internal security in the User Configuration window, and then managing users and logging in with the OpenID credentials.

Important Information

  • Only credentials from a single provider can be used per instance.
  • Matillion ETL users must be created with the same login name as any expected OpenID login.
  • Valid OpenID setups may fail if the Matillion ETL instance is behind a Load Balancer (usually due to the incorrect detection of scheme and port). It is recommended a listener is setup on the ELB for port 443 instead of 80 to remedy the issue.

Acquiring Credentials for OneLogin

  1. Navigate to the OneLogin Website, and in the top right corner of the screen, click LOGIN.

    Log into OneLogin

    Log into OneLogin

  2. A series of login screens will follow. Firstly, enter the subdomain of the account, followed a valid username and password, then click CONTINUE. Once logged in, click Administration on the right of the header menu.

    OneLogin landing page

    OneLogin landing page

  3. The browser will then open the Administration dashboard in a new window. Click ApplicationsApplications.

    Administration dashboard

    Administration dashboard

  4. This will open the Applications page. From here, either select an application or click Add App in the top right of the page.

    Please Note

    If an existing application is selected, skip to step 8.

    Applications page

    Applications page

  5. Now, on the Find Applications page, type "OpenID Connect" into the search field on the top left of the page. Then, click Openid Connect (OIDC).

    Find Applications

    Find Applications

  6. This will open the Add Openid Connect (OIDC) page. Provide a name for the new application in the Display Name field, then click Save in the top right of the page.

    Add Openid Connect (OIDC)

    Add Openid Connect (OIDC)

  7. The page will then refresh, revealing new options. Click Configurations on the sidebar on the left. Then, in the Redirect URI's field, enter a secure URL for the Matillion ETL instance appended by /j_security_check (see example below), and click Save.

    Example

    https://<example.matillion.com:port>/j_security_check
    Edit Application details

    Edit Application details

  8. Next, click SSO on the sidebar on the left. In the Enable OpenID Connect section, copy the codes listed under Client ID and Client Secret, and the V2 URL listed under Issuer URLs as they will be required for Setting Up Internal Security.

    Please Note

    • In order to copy the Client Secret, Show client secret must first be clicked to make it visible.
    • Additionally, when copying the client secret, some browsers may add a space to the end of the code. Watch out for this as it will cause the credentials to fail.
  9. Thereafter, scroll down the page to the Application Type section and select Web from the Application Type dropdown menu. Then, in the Token Endpoint section, select POST from the Authentication Method dropdown menu, and click Save.

    Copy Client ID and Secret

    Copy Client ID and Secret

  10. Now, users have to be added to the application. Click Users on the left of the header menu. Then, on the Users page, select the users to be linked to the application.

    Linking Users

    Linking Users

  11. This will open the user's dashboard. Click Applications on the sidebar on the left, then click + on the top right of the window.

    Adding users to applications

    Adding users to applications

  12. Finally, in the Assign new login to [Application Name] pop-up window, select the newly created application from the dropdown menu, and click Continue.

    Please Note

    Ensure the newly created application appears on the user's Applications list after clicking Continue.

    Assigning new login to application

    Assigning new login to application


Setting Up Internal Security

  1. In Matillion ETL, on the top right of the screen, click AdminUser Configuration.

    Admin dropdown menu

    Admin dropdown menu

  2. In the User Configuration pop-up window, click on the Select Security Configuration dropdown menu and select Internal.

    User Configuration window

    User Configuration window

  3. Next, click OpenID Connect Login to open the OpenID configuration form. Then, using the codes copied from OneLogin website, provide details for the following fields:

    • Identity Provider – select Generic from the dropdown menu
    • Provider Endpoint URL – enter the Issuer URL
    • Client ID – enter the Client ID
    • Client Secret – enter the Client Secret
    • User Attribute – enter an attribute to identify users (email is set as default)
    • Scope – list scope(s) for which access will be requested (email is set as default)
    • Extra Options – list any additional connection options (these options are not mandatory and should be listed as [key:value pairs]), then click OK

    OpenID Connect Login tab

    OpenID Connect Login tab


Managing Users and Logging In with OpenID credentials

  1. Once the OpenID has been configured, a pop-window will appear prompting for the Matillion ETL instance to be fully restarted (required before the changes will take effect). Thereafter, the Matillion ETL login screen will include Login with OpenID Connect below the standard login form. However, the OpenID users still need to be added to the user list before this can be used.

    Matillion ETL login screen with OpenID

    Matillion ETL login screen with OpenID

  2. Next, back in the User Configuration pop-up window, click the Manage Users tab, then click +.

    Manage Users

    Manage Users

  3. This will open the Add User pop-up window. Provide details for the following fields:

    • Username – enter the attribute chosen to identify the user
    • Password – provide an appropriate password to be linked to the user
    • Repeat Password – re-enter the password as above
    • Role – select the access level of the user (also see this article for details), then click OK

    Add user

    Add user

  4. On returning to the Manage Users tab, click Apply changes at the bottom of the window to confirm the addition of the new user. The OpenID can now be used to login into the Matillion ETL instance.

    Please Note

    Using OpenID does not prevent existing or new users from logging into the Matillion ETL instance via the usual method. Additionally, the passwords assigned to the OpenID users within Matillion ETL are solely for use within Matillion ETL.

    Apply changes

    Apply changes