Configure SAML-based single sign-on (SSO) with OneLogin

Who can use this feature?

🔐 Only team owners and admins can configure single sign-on (SSO)

⭐️ Available on the paid plans.

Step 1: Prepare the configuration

  1. Log in to Nuclino.

  2. Open your Team settings by opening the main menu in the top left corner of the app, clicking on your team name, and then choosing Team settings.

    nuclino-settings-gif_outline
  3. Go to the Authentication section and choose SAML-based single sign-on (SSO).

  4. Note the Team URL and ACS URL.

Step 2: Set up OneLogin for Nuclino

  1. Log in to OneLogin and go to Apps > Add Apps.

  2. Search for Nuclino and select it.

  3. When the Configuration tab appears, click Save to add the app to your Company Apps. Additional tabs appear, and you land on the Info tab.

  4. Go to the Configuration tab and enter your Nuclino ACS URL and Team URL, that you noted in Step 1.

  5. Click Save.

  6. Go to the SSO tab and copy the following data

    1. Issuer URL

    2. SAML 2.0 Endpoint (HTTP)

    3. X.509 Certificate by clicking on View Details and copying the certificate data (-----BEGIN CERTI...)

Step 3: Integrate Nuclino with your identity provider

  1. Log in to Nuclino.

  2. Click the menu button in the top left corner to open the main menu.

  3. Click on your team name and select Team settings.

  4. Go to the Authentication section and choose SAML-based single sign-on (SSO)

  5. Enter the following information

    1. SSO URL: Enter the SAML 2.0 Endpoint (HTTP) you copied in Step 2

    2. IDP Entity ID: Enter the Issuer URL you copied in Step 2

    3. Public certificate: Enter the X.509 Certificate data you copied in Step 2

  6. Click Save changes.

  7. Optional: Enforce single sign-on (SSO)

After you have successfully set up SSO

Your team can now sign up and log in via your team URL which you can find in your team settings in the Authentication section.

  • People who already have a Nuclino account with the same email address as their SSO account can choose to link this account. Afterwards, they can log in using their existing Nuclino account or use SSO instead.

  • For people who don't have a Nuclino account yet, a new account is provisioned when they log in for the first time using your team URL.

Users who have already set up SSO for their Nuclino account can also go to the normal login (https://app.nuclino.com/login) and select Log in via single sign-on (SSO).

Questions?

If you have any questions or need help to set up SSO for Nuclino, please contact us.