Integrate OneLogin with ZTP using SAML


Prerequisites

This integration requires the following:

  • A OneLogin account with admin credentials

  • An active ZTP account, accessible using the Bootstrap Identity provided by AppGate

  • A test user account on OneLogin with at least the following attributes configured:

    • email, for example: joe.smith@mycompany.com

    • firstName, for example: Joe

    • lastName, for example: Smith

Step 1: Add a new application in OneLogin

  1. In your OneLogin console, go to Applications and click Add App.

  2. In the search bar, search for SAML Custom Connector (Advanced) and select it.

  3. In the Display Name field, enter a name, for example: AppGate ZTP.

  4. Click Save.

Step 2: Configure the application

  1. In the application, select Configuration from the left menu.

  2. In the Application Details form, complete the following fields:

| Field | Value |
|---|---|
| Audience (EntityID) | Enter the same value used in the Audience field in the ZTP configuration form. For this example, use onelogin-idp. |
| Recipient | Enter a placeholder URL, for example: https://example.com. You will replace this value after completing the ZTP configuration form. |
| ACS (Consumer) | Copy this value directly from the ZTP configuration form. |
| Login URL | Enter the URL of your ZTP account. For this example, use https://01010.appgate.net. |
| SAML Initiator | Select Service Provider. |

  3. Leave all other fields at their default values and click Save.

Step 3: Retrieve IdP metadata

  1. Select SSO from the left menu.

  2. Record the following values:

    • SAML 2.0 Endpoint (HTTP)

    • Issuer URL

  3. To obtain the X.509 certificate, click View Details and copy the certificate.

  4. Click Save.

Step 4: Configure the IdP in ZTP

  1. In ZTP, go to Settings > Identity Providers in the left menu.

  2. Click Add New and select SAML provider.

  3. Complete the form using the following values:

| Field | Description |
|---|---|
| Name* | OneLogin – SAML |
| Audience* | onelogin-idp |
| XML Metadata File | The X.509 certificate you downloaded in Step 3. |
| SSO URL* | The SAML 2.0 Endpoint (HTTP) value recorded in Step 3. |
| Issuer* | The Issuer URL value recorded in Step 3. |
| Public Certificate | The X.509 certificate copied in Step 3. |
| Email Attribute* | email |
| First Name Attribute* | given_name |
| Last Name Attribute* | family_name |
| Username Attribute* | email |

  4. Copy the ACS URL from the ZTP configuration form by clicking the copy to clipboard button.

  5. In OneLogin, return to the Application Details form and replace the placeholder URL (https://example.com) in the Recipient field with the ACS URL you copied.

  6. Click Save and test the integration.
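
To support the final test step, the following added example (not AppGate or OneLogin code) checks a Base64-encoded SAMLResponse captured from your own test login against the values this guide configures: the audience, the Recipient, the issuer, and the attribute names the ZTP form maps. The ACS URL and issuer are placeholders, the sample response built by `build_sample` is constructed and unsigned, and the script does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Audience and attribute names come from this guide; the ACS URL and issuer
# are placeholders (assumptions) to replace with your ZTP and OneLogin values.
EXPECTED = {
    "audience": "onelogin-idp",
    "acs_url": "https://ztp.example.invalid/acs",
    "issuer": "https://idp.example.invalid/saml/metadata",
    "attributes": ["email", "given_name", "family_name"],
}

def check_saml_response(b64_response, expected=EXPECTED):
    """List mismatches between a captured SAMLResponse and the configured values.
    Diagnostic only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    issuer = root.findtext(".//saml:Assertion/saml:Issuer", "", NS).strip()
    if issuer != expected["issuer"]:
        problems.append(f"issuer mismatch: {issuer!r}")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if expected["audience"] not in audiences:
        problems.append(f"audience mismatch: {audiences!r}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if expected["acs_url"] not in recipients:
        problems.append(f"recipient mismatch: {recipients!r}")
    present = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS).strip()
               for a in root.iterfind(".//saml:Attribute", NS)}
    for name in expected["attributes"]:
        if not present.get(name):
            problems.append(f"missing or empty attribute: {name}")
    return problems

def build_sample(recipient, attrs):
    """Build a constructed, unsigned SAMLResponse for offline testing."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:Issuer>{EXPECTED["issuer"]}</saml:Issuer><saml:Subject><saml:SubjectConfirmation>'
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/></saml:SubjectConfirmation>'
        '</saml:Subject><saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{EXPECTED["audience"]}</saml:Audience></saml:AudienceRestriction>'
        f'</saml:Conditions><saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

Run against a response whose Recipient is still https://example.com, or whose attributes arrive as firstName and lastName, the check reports a recipient mismatch and missing given_name and family_name entries.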