Overview

Setup of OneLogin is relatively straightforward. The overall process is as follows:

  1. Create your company account at Clear To Go! (CTG). The user that does this will be the administrator on the account and can perform the actions needed here.
  2. Ensure CTG staff has configured your account to enable SAML. Open a ticket at support@cleartogo.co if this has not been discussed and completed.
  3. Follow the setup instructions in this document.
  4. Your users should now be able to enter CTG from your portal.


1. OneLogin Application Setup


Create a new application using the "SAML Test Connector (Advanced)" application template.



Give the application a name like "Clear To Go" and click save.


2. Application Configuration


Once created, click on Configuration and fill in the following values obtained from the SAML Integration page within Clear To Go:



| OneLogin Field Name          | Clear To Go Field Name |
|------------------------------|------------------------|
| Audience (Entity ID)         | Entity ID              |
| ACS (Consumer) URL Validator | Reply URL              |
| ACS (Consumer) URL           | Reply URL              |
| Single Logout URL            | Sign out URL           |
| Login URL                    | Sign on URL            |



3. Parameters

In order to have complete profiles in CTG, parameters need to be configured in your OneLogin Application. The following describes what is needed. Click on "Parameters" in OneLogin.



Note: OneLogin supports simple named parameters, but Clear To Go requires a fully namespaced "claim". Please copy the desired claim names from CTG's SAML Integration page. When creating each parameter, ensure that "Include in SAML assertion" is checked. Otherwise the value will not be sent to CTG.


4. Clear To Go! Setup

 

Copy the following values from the "SSO" section in OneLogin and paste them into the "SAML IdP Information" section in CTG:

 

Thumbprint & Cert: From the SSO section, click on "View Details" under the X.509 Certificate. Copy the Fingerprint value into the Thumbprint field in CTG. Copy the X.509 Certificate into the Certificate field in CTG.


| OneLogin Field Name | Clear To Go Field Name |
|---------------------|------------------------|
| SAML 2.0 Endpoint (HTTP) -> Copy the guid out of the URL: https://appname.onelogin.com/trust/saml2/http-post/sso/[abce-4c75-481d-ae7a-4d1bd5662b] | Tenant ID -> [abce-4c75-481d-ae7a-4d1bd5662b] |
| SAML 2.0 Endpoint (HTTP) | Login URL |
| SLO Endpoint (HTTP) | Logout URL |
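
Before saving the "SAML IdP Information" values, it is worth confirming that the Fingerprint and the X.509 Certificate you copied belong together and that the Tenant ID really is the last segment of the endpoint URL. The following is an added example, not code from OneLogin or Clear To Go; the function names and sample values are hypothetical, and because the page does not say which hash the Fingerprint uses, the check assumes SHA-1 or SHA-256 and picks by length.

```python
import hashlib
import hmac
import ssl
from urllib.parse import urlparse

SSO_PATH = "/trust/saml2/http-post/sso/"  # path shown in the endpoint URL above


def normalize_thumbprint(value: str) -> str:
    """Drop colons/whitespace and lowercase, so 'AB:CD' and 'abcd' compare equal."""
    cleaned = "".join(ch for ch in value if ch not in ": \t\r\n").lower()
    if not cleaned or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("thumbprint is not a hex string")
    return cleaned


def thumbprint_matches(pem: str, thumbprint: str) -> bool:
    """True if thumbprint is the SHA-1 or SHA-256 hash of the certificate's DER bytes."""
    want = normalize_thumbprint(thumbprint)
    algorithm = {40: "sha1", 64: "sha256"}.get(len(want))  # assumption: one of these two
    if algorithm is None:
        raise ValueError("expected 40 (SHA-1) or 64 (SHA-256) hex characters")
    der = ssl.PEM_cert_to_DER_cert(pem.strip())  # strips the PEM armor, base64-decodes
    return hmac.compare_digest(hashlib.new(algorithm, der).hexdigest(), want)


def tenant_id_from_endpoint(url: str) -> str:
    """Return the path segment after .../sso/ in the SAML 2.0 Endpoint (HTTP) URL."""
    parsed = urlparse(url.strip())
    if parsed.scheme != "https" or not parsed.path.startswith(SSO_PATH):
        raise ValueError("not an https OneLogin SAML 2.0 HTTP-POST endpoint")
    tenant = parsed.path[len(SSO_PATH):].strip("/")
    if not tenant or "/" in tenant:
        raise ValueError("endpoint URL has no single trailing identifier")
    return tenant


# Constructed sample input: stand-in bytes, NOT a real certificate. The check only
# hashes the decoded bytes, so any PEM-armored blob exercises it.
SAMPLE_DER = b"constructed stand-in for a DER certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
SAMPLE_THUMBPRINT = ":".join(f"{b:02X}" for b in hashlib.sha1(SAMPLE_DER).digest())
SAMPLE_ENDPOINT = "https://appname.onelogin.com/trust/saml2/http-post/sso/00000000-placeholder"

if __name__ == "__main__":
    print("thumbprint matches:", thumbprint_matches(SAMPLE_PEM, SAMPLE_THUMBPRINT))
    print("tenant id:", tenant_id_from_endpoint(SAMPLE_ENDPOINT))
```

A mismatch here usually means the certificate and fingerprint were copied from different applications or from a rotated certificate, which would otherwise surface only as failed logins.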


5. Clear To Go! Role Mapping


In order to assign users to the proper security level, Security Groups are mapped to Roles in CTG. This is done by setting the OneLogin Group name on the Role in CTG. To do this, open the drop-down under your name in the upper right corner and choose Roles.


Find the Role you wish to map and click Edit. Paste the Object ID into the "Mapped To" field:



It is recommended you test with at least one user from each role type to ensure the role they are assigned in CTG is what is expected.