The documentation says that NextCloud can be used with OneLogin for SSO but, other than that, the docs are slender on how to do so. I’ve enabled SSO in NextCloud but not sure how to tie it to my OneLogin account and, from there, to my ActiveDirectory. Can someone lend a hand, please?
Connecting to OneLogin should actually be one of the easier SAML configuration tasks.
- Create a new App in OneLogin
- Make sure an attribute field contains the correct attribute you require
- Go to the SSO tab
- Copy the “Issuer URL” into Nextclouds’ “Identifier of the IdP entity”.
- Copy the “SAML 2.0 Endpoint (HTTP)” into Nextclouds’ “URL Target of the IdP where the SP will send Authentication Request Message”.
- Copy the “SLO Endpoint (HTTP)” into Nextclouds’ “URL Location of the IdP where the SP will send the SLO Request”
- Click “View Details” on the certificate and copy that into Nextclouds’ “Public X.509 certificate of the IdP”
- In Nextcloud specify the “Attribute to map the UID to” to your unique attribute (e.g. “PersonImmutableID”)
- Go to the OneLogin Apps Configuration tab:
- Audience: https://example.com/index.php/apps/user_saml/saml/metadata
- ACS (Consumer) URL: http://example.com/index.php/apps/user_saml/saml/acs
- ACS (Consumer) URL Validator: http://example.com/index.php/apps/user_saml/saml/acs
Now you should already be able to login using SSO in a private browser window.
Thank you! Unfortunately, the above does not work. I now believe it may be because we’re using the free version of OneLogin. I do very much appreciate your directions and have saved them. Thanks.
That should actually also work in the free version of OneLogin as far I can tell. What kind of error do you see?
Thank you! I was able to get it configured but it does not seem to be authenticating correctly. I set it to use Email as the UID but when I try to log in to NextCloud I get, “The server took too long to respond”.
Ha! You are a genius! Good thing I’m in test mode. I set it so that I was no longer able to log in and had to remove and reinstall NextCloud. SAML and OneLogin is working perfectly now. Could not have done it without your help. Thank you!
Only the person that programmed the SAML application 
– Glad it worked out for you! 
Another question for you, if I may - when you use the “example.com” domain in the above instructions is that meant to be the name of my NextCloud host domain or my Active Directory Domain name? Thank you.
Big update to this thread. The instructions provided above by @LukasReschke are close to correct but will not work.
Here is the setup that worked for me.
- Add app in OneLogin. Search for “SAML Test” and select the “SAML Test Connector (IdP)” app.
- Name your app and hit save
- Go to the Configuration tab
- Audience: https://YourNextcloudDomain.com/index.php/apps/user_saml/saml/metadata
- Recipient: https://YourNextcloudDomain.com/index.php/apps/user_saml/saml/acs
- ACS (Consumer) URL: https://YourNextcloudDomain.com/
- ACS (Consumer) Url Validator: https://YourNextcloudDomain.com/
- Go to the Parameters tab
- Add a new parameter and name it something like “username”
- After its added, set the default value to a unique parameter (I chose Email Name Part). This will become the username for your users in nextcloud.
- Go to the SSO & SAML Administration page in the Nextcloud Admin settings and enter the name of the parameter you created in the last step. In my case that would be “username”.
- Go to the SSO tab on OneLogin
- Copy the “Issuer URL” into Nextcloud’s “Identifier of the IdP entity”.
- Copy the “SAML 2.0 Endpoint (HTTP)” into Nextclouds’ “URL Target of the IdP where the SP will send Authentication Request Message”.
- Copy the “SLO Endpoint (HTTP)” into Nextclouds’ “URL Location of the IdP where the SP will send the SLO Request”
- Click “View Details” on the certificate and copy that into Nextclouds’ “Public X.509 certificate of the IdP”
- Save everything on OneLogin and everything should be working
2 Likes
hi , could I see your onelogin’s “SAML Test Connector (IdP)” app , I don’t know what should I add the Parameters tab , and what is your nextcloud’s SSO & SAML setting ? can I see it ?
“After its added, set the default value to a unique parameter (I chose Email Name Part). This will become the username for your users in nextcloud.”
" Go to the SSO & SAML Administration page in the Nextcloud Admin settings and enter the name of the parameter you created in the last step. In my case that would be “username”."
dont know what is mean…
I was input like that :
it was in the onelogin
this was in the nextcloud
in here , was more infomation…
fixed. thx/
Hello, I exactly followed and configured NextCloud and OneLogin. I am getting redirected to OneLogin page. but on login, I get “Invalid user id and password”. I have same user in Nexcloud and OneLogin. Could you please let me know what I am missing here.
I further investigated and changed my SP url in Onelogin from https to http and it is redirecting to NextCloud but getting message “Account not provisioned. Your account is not provisioned, access to this service is thus not possible.”
I’m getting the “Account not provisioned. Your account is not provisioned, access to this service is thus not possible.” message as well. Did you ever get resolution?