
SSO set up steps for OneLogin

To complete these steps you will need access to your OneLogin administrator dashboard and your StoryBox Hub Account Holder login details.

Set up steps

  1. Log in to your OneLogin administrator dashboard.
  2. Browse to Applications > Applications > Add Apps.
  3. Search for SAML Custom Connector (Advanced) and select the first result from the search results.
  4. Give the app a name, "StoryBox Hub", and click Save.
  5. Click the SSO link on the left-hand menu.
  6. Copy the Issuer URL and paste it into a new browser window to download the metadata.
  7. In a separate browser tab or window, log in to your StoryBox Account Settings as the Account Holder.
  8. Scroll down to Other Account Actions on the right hand side and click Configure SSO details.
  9. For Identity provider choose "OneLogin".
  10. Use the values from the metadata file to fill in these fields:
    • IdP Entity ID or Issuer = entityID. It will look something like this: https://app.onelogin.com/saml/metadata/xxxxxxxx-1111-1111-xxx-111111111111.
    • SAML Login URL = SingleSignOnService Location. It will look something like this: https://[yourdomain].onelogin.com/trust/saml2/http-post/sso/xxxxxxxx-1111-1111-xxx-111111111111.
    • X.509 Certificate: Copy all the text inside the ds:X509Certificate tag and paste it here, with -----BEGIN CERTIFICATE----- on the line above it and -----END CERTIFICATE----- on the line below it, as per the example underneath the text box.
    • User name attribute (required): Username (make note of case sensitivity - this is important for later). This is not displayed anywhere but is used as a unique identifier for the sub-account that gets created during an SSO user's first log in. As such it is required, or individual sub-accounts cannot be created.
    • Email attribute (optional): Email (make note of case sensitivity - this is important for later)
    • First name attribute (optional): Firstname (make note of case sensitivity - this is important for later). If this is mapped it will appear in the top right corner when an SSO user is logged in, in the dropdown menu that takes them to their account settings. If it isn't mapped the organisation name will appear here instead.
    • Last name attribute (optional): Lastname (make note of case sensitivity - this is important for later).
    • (Role and Group name attributes are optional and not currently utilised but may be used for personalised functionality in the future.)
  11. Click the Update button at the bottom of the page.
  12. Back in the OneLogin admin dashboard, click the Configuration link in the left hand menu and fill in the following details:
    • Audience (EntityID): Copy and paste the SP-EntityID / Issuer URL from your StoryBox Hub SSO settings here.
    • Recipient: Copy and paste the ACS (AssertionConsumerService) URL/Issuer from your StoryBox Hub SSO settings here.
    • ACS (Consumer) URL Validator: Copy and paste the ACS (AssertionConsumerService) URL/Issuer from your StoryBox Hub SSO settings here then replace any "/" characters with "\/" and any "." with "\.".
    • ACS (Consumer) URL: Copy and paste the ACS (AssertionConsumerService) URL/Issuer from your StoryBox Hub SSO settings here.
    • Leave all other settings as-is.
  13. Save your changes.
  14. Still in OneLogin, click the Parameters link in the left hand menu.
  15. Click the (add) button to the right and add the following parameters (these must match the case and spelling used in step 10):
    • Username (Tick box Include in SAML Assertion). Click Save. In Value dropdown box, choose Email. Click Save.
    • Email (Tick box Include in SAML Assertion). Click Save. In Value dropdown box, choose Email. Click Save.
    • Firstname (Tick box Include in SAML Assertion). Click Save. In Value dropdown box, choose First Name. Click Save.
    • Lastname (Tick box Include in SAML Assertion). Click Save. In Value dropdown box, choose Last Name. Click Save.
  16. Click the Audience link in the left hand menu then choose the OneLogin group(s) of users who you want to have access to StoryBox Hub.
  17. You should now be ready to test the connection.
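
The values that steps 10 and 12 ask you to copy by hand can also be derived with a short script. This is an added example, not StoryBox Hub or OneLogin code: the sample metadata, the dummy certificate body and the sp.example.com ACS URL are constructed, and choosing the HTTP-POST endpoint and modelling the validator as a full-string regex match are assumptions.

```python
import base64
import re
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Constructed sample: placeholder IDs and a dummy base64 body, not a real certificate.
DUMMY_B64 = "QUJD" * 24
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://app.onelogin.com/saml/metadata/xxxxxxxx-1111-1111-xxx-111111111111">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
      <ds:X509Certificate>{DUMMY_B64[:64]}
{DUMMY_B64[64:]}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://yourdomain.onelogin.com/trust/saml2/http-redirect/sso/xxxxxxxx"/>
    <SingleSignOnService Binding="{HTTP_POST}"
        Location="https://yourdomain.onelogin.com/trust/saml2/http-post/sso/xxxxxxxx"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def sso_fields(metadata_xml):
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    # Assumption: the HTTP-POST endpoint is wanted, as in the page's sample URL.
    login_url = next(s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
                     if s.get("Binding") == HTTP_POST)
    # Metadata may wrap the base64 across lines: drop whitespace, check it decodes.
    b64 = "".join(idp.find(".//ds:X509Certificate", NS).text.split())
    base64.b64decode(b64, validate=True)  # raises on invalid characters or bad padding
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *textwrap.wrap(b64, 64),
                     "-----END CERTIFICATE-----"])
    return {"entity_id": root.get("entityID"), "login_url": login_url, "certificate": pem}

def acs_validator(acs_url):
    # Step 12 escaping: "/" -> "\/" and "." -> "\." so the dots match literally.
    return acs_url.replace("/", r"\/").replace(".", r"\.")

def validator_accepts(pattern, url):
    # Assumption: the validator is modelled as a full-string regex match.
    return re.fullmatch(pattern, url) is not None

if __name__ == "__main__":
    for name, value in sso_fields(SAMPLE_METADATA).items():
        print(f"{name}:\n{value}\n")
    print(acs_validator("https://sp.example.com/saml/acs/0000"))  # constructed ACS URL
```

Escaping the dots matters because an unescaped "." in a regular expression matches any character, so the raw URL used as a pattern would also accept a lookalike host such as spXexample.com.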

Testing steps

  1. Log out of your StoryBox Hub Account Holder settings.
  2. While still on the StoryBox Hub homepage, click the LOG IN button in the top right corner.
  3. Click SSO.
  4. Find your Organisation Name in the dropdown box. (You can edit the name that shows here in your Account Holder settings.)
  5. Click LOG IN.
  6. Submit user credentials for your organisation.
  7. You should be redirected back to StoryBox Hub and be logged in when the page loads. If you've mapped the attributes correctly and you included a First Name attribute, you should see the first name of the user you logged in as in the top right hand corner.
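
If the test login fails or the first name does not appear, the usual cause is an attribute name whose case differs between step 10 and step 15. The check below is an added example, not StoryBox Hub code: it reads a base64 SAMLResponse (for instance the form field posted to the ACS URL, copied from the browser's developer tools during a test login) and compares the attribute names case-sensitively; the sample response is constructed and unsigned, with "FirstName" deliberately mis-cased.

```python
import base64
import xml.etree.ElementTree as ET

SAML = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names entered in step 10, mapped to whether each is required.
EXPECTED = {"Username": True, "Email": False, "Firstname": False, "Lastname": False}

# Constructed sample response, trimmed to the attribute statement.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="Username">
      <saml:AttributeValue>reader@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>reader@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="FirstName">
      <saml:AttributeValue>Sam</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE = base64.b64encode(SAMPLE_XML.encode()).decode()

def check_attributes(saml_response_b64, expected=EXPECTED):
    """Return (name, problem) pairs for attributes the SP would not find."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    sent = {}
    for attr in root.iterfind(".//saml:Attribute", SAML):
        value = attr.find("saml:AttributeValue", SAML)
        sent[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    by_lower = {name.lower(): name for name in sent}
    findings = []
    for name, required in expected.items():
        if sent.get(name):
            continue  # exact, case-sensitive match with a non-empty value
        if name in sent:
            findings.append((name, "present but empty"))
        elif name.lower() in by_lower:
            findings.append((name, f"case mismatch: IdP sends '{by_lower[name.lower()]}'"))
        else:
            findings.append((name, "missing (required)" if required else "missing (optional)"))
    return findings

if __name__ == "__main__":
    for name, problem in check_attributes(SAMPLE_RESPONSE):
        print(f"{name}: {problem}")
```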

Direct login page link and Level URL

If you can log in successfully, you can use this URL format as a direct link to your organisation's StoryBox Hub login page:

https://storyboxhub.com/login?sso_id=XXXX

Replace XXXX with the same number you see in your StoryBox Hub Entity ID and ACS URLs.

If you are adding StoryBox Hub to your Electronic Collections, use this URL in the Level URL field.

Troubleshooting

If you follow the steps above and experience any issues, please contact our support team with these details:

  • Your identity provider's name
  • Screenshots of your SAML configuration from your IdP’s admin portal
  • Screenshots of any error messages
  • A set of test user credentials