Integrate Kisi with OneLogin SSO

info

This is a Kisi-built integration, maintained and supported by Kisi.

As a Kisi organization owner you can set up OneLogin single sign-on (SSO) for your Kisi users. In addition to your SSO integration, you can:

• set up SCIM provisioning to easily and securely sync identities between your IdP and Kisi
• optionally enable authentication with password for individual users, providing flexibility as needed

Prerequisites

• a Kisi organization owner account
• a valid and activated SSO license

Before setting up the integration, ensure you are logged in as the Kisi organization owner and have a valid, activated SSO license. If these prerequisites are met and the SSO & SCIM option is still not visible on the dashboard, please reach out to Kisi Support for assistance.

Set up the integration in OneLogin

1. Sign in to OneLogin
2. At the top, select Applications and click on Add App
3. Search for Kisi and click on the app
4. Click Save to create the application
5. Navigate to Configuration and enter your Kisi Domain. (You can find your Kisi organization domain in Kisi, under Settings > General)
6. Navigate to SSO and copy the Issuer URL
7. Click Save

Set up the integration in Kisi

1. Sign in to Kisi as the organization owner
2. Under Settings, click on SSO & SCIM
3. Under Metadata URL, paste the Issuer URL you have previously copied in OneLogin
4. Click Save
5. Click on Generate Certificate

Now that you have generated the encryption certificate, go back to OneLogin and follow the steps below to complete the configuration.

6. Under Configurations > SAML Encryption, in the Public key section, paste the contents of the encryption certificate you downloaded from Kisi
7. Click Save
8. Assign users to the created Kisi application

tip

To further control your SSO integration, you can set up SCIM provisioning. This will help you to easily and securely sync identities between your IdP and Kisi.

Flexible authentication: SSO or password

Kisi organizations with Single Sign-On (SSO) enabled can, if needed, also enable authentication with password for users. If enabled, the user will be able to log in with email and password. If the user is in the organizations' IdP directory, an SSO login will also be available.

User removal impact on event logs

If you're utilizing a Single Sign-On (SSO) platform and an employee is removed, upon reviewing the Event history, the logs related to that user will continue displaying the user's name, even though they've been removed from the system.