OneLogin Agent SSO: SAML Authorization setup

Last Updated -


OneLogin is a platform for connecting applications. OneLogin can implement and manage Agent logins to and other applications in one central location with a single set of credentials. After connecting with OneLogin, Agents can navigate to Desk directly from the OneLogin interface without having to re-enter credentials on the Desk side.

Note that there are two ways to setup OneLogin to log into Desk, form-based authorization and SAML. Form based authorization doesn't require SAML and is therefore supported on all plans. This article covers the SAML setup. The form-based authorization guide can be found here.


  1. Business Plan
  2. OneLogin as a SSO identity provider

OneLogin Setup

1.   Login to your OneLogin account. In the Admin, select the Apps dropdown, then Company Apps.

2.   Click Add App.

3.   Search for and select from the results. 

4.   Choose a Display Name for the application. Usually this will be or Desk. Select SAML2.0 as the Connector Version. Save the application. 

5.   Click on the Configuration tab and enter the SAML Consumer URL for your Desk site. If you are using the default domain for your site, this should be If you have a custom subdomain, you should enter it without "https://" at the beginning.  For Entity ID enter the subdomain for your Desk site, regardless if you have a custom domain. If your subdomain is, you would enter "helpdesk." Save the updates.

6.   Click on the Users tab and select a User to add to the app. With SAML, the user's email address needs to match the email address on the Desk side. Add the users you would like to access Desk and then click Save.

7.   Click on the SSO tab and copy the SAML 2.0 Endpoint field.

In another tab, open your Admin and navigate to Settings > Single Sign-On. Select SAML SSO and paste the text into the Remote Login URL field. Give your app a name by entering text in the Authentication Service Name field.

8. While keeping this tab open, return to OneLogin. Click on View Details for the certificate.

In the SHA fingerprint section, select SHA-1 and then copy the Fingerprint field.

9. Head back over to Desk and paste the copied Fingerprint into the Certificate Fingerprint field. Click Save.

Now the users will be able to login to Desk from the OneLogin interface. If they navigate to the normal Desk login page, they will still be asked for their credentials but can use the optional login below the Login button.