OneLogin Setup and Configuration

This guide covers setting up Single Sign-On (SSO) with OneLogin for Welkin Health.

Note: While setting up this configuration, it helps to have two browser tabs open — one with Welkin Admin and one with OneLogin.

Step 1: Add users in OneLogin

1. Log in to your OneLogin account

2. Click Administration → Users in the left menu

3. Click New User and fill in the required fields

4. The email must match the Welkin user's email address

Step 2: Create a SAML application in OneLogin

1. Go to Applications → Applications and click Add App

2. Search for SAML Custom Connector (Advanced) and select it

3. Fill in the application name

4. Save

Step 3: Configure the SAML connector

In the Configuration tab, fill in the following fields using the values from Welkin Admin → Security Settings → Single Sign-On → OneLogin → Instructions:

Your URLs will differ depending on your organization name.

Step 4: Add email attribute parameter

In the Parameters tab:

1. Click Add parameter → Field Name

2. Set Field Name to: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

3. Set Value to: Email

4. Check Include in SAML Assertion

5. Click Save

Step 5: Copy IdP metadata to Welkin

1. In the OneLogin application's SSO tab, copy the Issuer URL

2. In Welkin Admin → Security Settings → Single Sign-On, paste the Issuer URL into the Metadata URL field

Step 6: Activate SSO

• In Welkin Admin → Security Settings, set Single Sign-On status to Active

• In the user's profile in Welkin Admin, set Security to Active for Single Sign-On for each user using OneLogin

• In OneLogin, make sure the user has been granted authorization to use the application

More Questions? Contact csm@welkinhealth.com or your Implementation/CSM directly.