To configure OneLogin to sign in users into ClearBenefits using SAML, follow those steps. You will need to contact ClearBenefits to turn on SSO. Provide them the Metadata file and x.509 certificate you'll download later.
In OneLogin, do the following:
- In OneLogin, navigate to Apps > Find apps and search for ClearBenefits. Click Add.
- In the Add ClearBenefits screen select for the app to be used by the Organization and select SAML 2.0 for the Connector Version. Press Continue.
- Type your ClearBenefits Org ID into the Org ID field within the Configuration tab.
- Under the Single Sign-on tab copy the Issuer URL into a new browser tab. It should download and xml file. Then navigate to Security>SAML and download the x.509 certificate in .pem format. Provide the XML file and the x.509 certificate to ClearBenefits. Set the credentials to Configured by admin and select a default Username value of email or something equivalent to email to use as ClearBenefit's credential.
- Under the Access Control tab choose which roles will have access to ClearBenefits.
To test do the following:
- Login to OneLogin.
- Make sure you are logged out of ClearBenefits.
- Click the ClearBenefits icon on your dashboard. This should log you into ClearBenefits.
If you're not using the same Username in ClearBenefits as in OneLogin, do the following:
- Click Apps, then Company Apps.
- Edit the ClearBenefits application.
- Navigate to the Logins tab.
- Locate your user and click Edit.
- Type in the new Username and click Update.
- Navigate to the portal and re-test by clicking the ClearBenefits icon.
- You're done!