Enable Guest Portal Single Sign-On Access with OneLogin™

Use this information if you want to integrate with OneLogin™ to authenticate guest users.

When you configure a WLAN in the Juniper Mist™ portal, you can set up a guest portal that allows users to sign on by using an Identity Provider (IdP). This topic explains how to set up a guest portal SSO with OneLogin. You'd follow similar steps for other IdPs.

Before completing these steps, go to your OneLogin portal and set up a SAML application to be used for SSO with this guest portal.

  • Set the SAML Signature Algorithm to SHA-256.

  • Copy and save the Issuer URL, the SAML 2.0 Endpoint, and the X.509 Certificate. You'll need this information to complete your guest portal configuration in the Juniper Mist portal.

    Note:

    If you need help adding a SAML application in OneLogin, consult your OneLogin support information. For example, consider this topic on the OneLogin site: Configuring SSO for SAML-Enabled Applications.

To enable guest portal SSO access with OneLogin™:

  1. In your WLAN configuration, select SSO with Identity Provider, as described in Use an Identity Provider for Guest Access.
  2. Use your OneLogin application's information to complete the following fields:
    • Issuer—Paste the Issuer URL for your OneLogin application.

    • SSO URL—Paste the SAML 2.0 Endpoint for your OneLogin application.

    • Certificate—Paste the X.509 Certificate for your OneLogin application.

    • Signing Algorithm—Select SHA-256.

    • Select the After authorization redirect to URL check box and then enter: http://juniper.net

  3. If this is a new WLAN, enter any other necessary information for your WLAN.
    Note:

    For help configuring a WLAN in Juniper Mist, see Configure a WLAN Template.

  4. At the bottom of the Create/Edit WLAN window, select Save (if you're editing an existing WLAN) or Create (if you're creating a new WLAN).
  5. Reopen the Edit WLAN window by clicking the WLAN that you just edited/created.
  6. Copy and save the Portal SSO URL that was generated near the bottom of the Guest Portal section.
  7. Keep the Edit WLAN window open because you'll return to it later in this procedure.
  8. In your OneLogin portal, open your SAML application, and complete these steps:
    1. Paste your Portal SSO URL into the following fields:
      • RelayState

      • Audience (EntityID)

      • Recipient

      • ACS (Consumer) URL Validator*

      • ACS (Consumer) URL

      • Login URL

    2. For the SAML signature element, select both.
      This will ensure that the SAML signature element is in both the assertion and the response.
    3. Save the changes to your application.
      Note: For help configuring the Advanced SAML Custom Connector for your application in OneLogin, consult your OneLogin support information. For example, consider this topic on the OneLogin site: Advanced SAML Custom Connector.
    4. Apply the application to your users who need to access your new guest portal.
      You can optionally enter the user's email address in the username field. If you choose to do that, make sure you select Email as the Name ID Format in the guest portal configuration.
      Note: For help configuring the users in OneLogin, consult your OneLogin support information. For example, consider this topic on the OneLogin site: Manually Assign Apps to Users.
  9. In the Juniper Mist portal, return to the Edit WLAN window.
  10. Enter the Allowed Hostnames for your OneLogin users.
    This step is necessary so that the page properly populates when a user is redirected to OneLogin to log in. You can do a packet capture to see the hostnames.
  11. Click Save at the bottom of the Edit WLAN window.
  12. Click Save at the top right corner of the WLAN Templates page.
You can verify that everything is working correctly by logging out of the OneLogin portal and then joining the OneLogin SSO Wi-Fi network you just created. You should be redirected to the OneLogin splash page, where you can enter your login credentials.

If you can log in successfully and are redirected to the Juniper homepage, you have successfully set up SSO with OneLogin.
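If the login does not complete, you can compare a captured SAMLResponse against the settings from this procedure: signatures on both the response and the assertion, SHA-256, and the Issuer, Audience, and Recipient values. The following is an added example, not Juniper or OneLogin code; the function names, placeholder URLs, and sample response are constructed for illustration, and the check is structural only (it does not verify the signatures cryptographically).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_saml_response(b64_response, portal_sso_url, issuer_url):
    """Return configuration problems ([] = consistent); does NOT verify signatures."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion in Response"]
    problems = []
    # "SAML signature element: both" means a Signature directly under each.
    for name, elem in (("Response", root), ("Assertion", assertion)):
        method = elem.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None:
            problems.append(f"{name} is not signed")
        elif not method.get("Algorithm", "").endswith("sha256"):
            problems.append(f"{name} signature is not SHA-256")
    scd = assertion.find(".//saml:SubjectConfirmationData", NS)
    got = {"Issuer": assertion.findtext("saml:Issuer", "", NS),
           "Audience": assertion.findtext(".//saml:Audience", "", NS),
           "Recipient": "" if scd is None else scd.get("Recipient", "")}
    want = {"Issuer": issuer_url, "Audience": portal_sso_url, "Recipient": portal_sso_url}
    for field in got:
        if got[field].strip() != want[field]:
            problems.append(f"{field} mismatch: got {got[field]!r}")
    return problems

# Constructed sample: placeholder URLs, trimmed elements, no signature values.
PORTAL = "https://portal.example.net/sso/placeholder"
ISSUER = "https://idp.example.com/saml/metadata/placeholder"
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
       '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
       '</ds:SignedInfo></ds:Signature>')

def build_sample(response_sig=SIG, audience=PORTAL):
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
           f'{response_sig}<saml:Assertion><saml:Issuer>{ISSUER}</saml:Issuer>{SIG}'
           f'<saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData '
           f'Recipient="{PORTAL}"/></saml:SubjectConfirmation></saml:Subject>'
           f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
           f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
if __name__ == "__main__":  # sample signed on the assertion only
    print(check_saml_response(build_sample(response_sig=""), PORTAL, ISSUER))
```

To use it on your own setup, pass the base64 SAMLResponse form value from a test login together with your Portal SSO URL and Issuer URL.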