Topic
This guide explains how to set up SAML (Security Assertion Markup Language) with NinjaOne using Microsoft OneLogin.
Environment
NinjaOne platform
Description
SAML allows technicians to access the NinjaOne application using a single sign-on with their preferred provider. SAML can be used with both the standard and branded NinjaOne web application, which supports multiple IdPs (Identity Providers).
Any IdP that supports SAML 2.0 may be used. However, we have only tested and verified Azure, OneLogin, and Okta.
There are two different workflows related to SAML. Currently, only the workflow initiated by the service provider is enabled for NinjaOne SAML.
- Service Provider (SP) initiated workflow: You navigate to NinjaOne to log in, and you are forwarded to the identity provider.
- Identity Provider (IdP) initiated workflow: You navigate to your identity provider to log in, and you are forwarded to NinjaOne to log in.
If your NinjaOne account is in the NA or OC instance (https://app.ninjarmm.com, or https://oc.ninjarmm.com), you can enable the NinjaOne application from the OneLogin catalog. Simply select the version that aligns with your instance ("NinjaRMM" for NA and US2, or "NinjaRMM(OC)" for OC).
If your NinjaOne account is in the US2, EU or CA instance (https://us2.ninjarmm.com, https://eu.ninjarmm.com, or https://ca.ninjarmm.com), refer to OneLogin's documentation to learn how to set up single sign-on (SSO) for SAML service providers.
For information on gathering the Entity ID and Assertion Reply URL from NinjaOne, refer to Login Security: Configure Single Sign-On in NinjaOne.
Additional Resources
To learn more about NinjaOne's identity services, refer to: