How to self-configure SSO with OneLogin

Simplify the sign-on process for your Enterprise team. βš™οΈ

πŸš€  We have a new & improved experience for Admins to configure SSO & Directory sync! πŸš€

If you are a setting up SSO and Directory Sync for the first time, please refer to this article:
How to configure SSO & Directory sync

If you have already configured SSO using our previous set up and want to configure Directory sync, please reach out to your Customer Success or Account Manager. We are currently working on a self-serve method to migrate existing customers to the new set up. 

Loom uses single sign-on (SSO) for Enterprise users to simplify the sign-in process and allow access to Loom using several authentication sources, including OneLogin. Your Workspace must be subscribed to the Enterprise plan if you wish to set up SSO.

πŸ‘‰Note: Loom does not currently support IdP-Initiated SSO. Please Browse to to login.

If you're the Admin of your company's Loom account, you can configure SSO using the following steps:

  1. Go to your Workspace settings by clicking on Settings in the left navigation bar of your Library. Open the security tab and toggle on Single Sign On (SSO).


  2. Select OneLogin as your IdP for configuration. Keep this tab open, as you'll be returning to your Loom Workspace later.

  3. In a separate tab, on your OneLogin account, select Applications (under the Applications tab at the top of your screen). Click Add App in the top right. Search for SAML test connect. Select SAML Test Connector (IdP w/ attr w/ sign response).

  4. Change the Display Name to Loom. You can also change the icon if you'd like. Save your work. Open the Configuration tab on the left.

  5. You'll need to grab some information from Loom and input it into OneLogin.

    • Paste the Audience URI from Loom in the Audience field in OneLogin.

    • Paste the Identity Provider Single Sign On URL from Loom in the ACS (Consumer) URL Validator field in OneLogin. You'll see a message in OneLogin about making this a regular expression, but you can ignore this and copy and paste as-is.


  6. Click Parameters under Configuration on the left. It's time to add some attribute mappings.

    • Using the + sign on the right, create a new attribute with the field name email. Set the value as Email. Check off Include in SAML assertion.
    • For the next, set the field as firstName (Note: this is case sensitive) and check off Include in SAML assertion. Set the value as First Name.
    • Lastly, create one named lastName. Check off Include in SAML assertion. Set the value as Last Name.
  7. Click SSO in the column on the left. Select SHA-256 as the SAML Signature Algorithm. Copy the SAML 2.0 Endpoint (HTTP) URL. Paste it in Loom under Identity Provider Single Sign On URL. Save your work in OneLogin.


  8. Click SSO in the column on the left. Click View Details under X.509 Certificate. Download the certificate. Upload it in Loom under Certificate.

  9. Give users access under the Users tab in the column on the left. You should now be able to log in on Loom using SSO through OneLogin.

πŸ‘‰ Note: Using SSO, Admins can set a default member role for assigning to users added to the Workspace through Just-in-Time provisioning.

Domain verification

Your team will only be able to log into Loom for Teams via SSO once at least one of your domains are verified. Once enabled, account holders with domains other than those authorized will lose access. Add a domain using either the email verification option or the DNS text record verification option. Note that for the email verification option, you'll need access to an administrator email and will need to test your connection after verifying to ensure that your connection is set up correctly (not doing so might result in getting locked out of your Loom account).


Questions, comments, concerns? Contact us here.   

Happy recording! πŸŽ₯ πŸ˜„

1 out of 1 found this helpful