Skip to main content
All CollectionsSet Up TorqSet Up Single Sign-On (SSO)
Set Up Torq SSO: OneLogin OpenID Connect
Set Up Torq SSO: OneLogin OpenID Connect

Follow this guide to set up Single Sign-On (SSO) with OneLogin using the OpenID Connect protocol.

Updated over 3 months ago

Ensure seamless and secure access to Torq by configuring Single Sign-On (SSO) using OneLogin as your Identity Provider (IdP) and OpenID Connect (OIDC) as the authentication protocol. This guide walks you through the necessary steps in both Torq and OneLogin to set up SSO, enhancing your platform's security and user experience.

1. Creating a New SSO Provider in Torq

First, establish the foundation for SSO in Torq by adding a new SSO provider:

  1. Navigate to Settings > SSO Login in Torq.

  2. Click the Add button in the IdP Connection section.

  3. Carefully copy the Login Redirect URL; it's needed when setting up the OIDC application in OneLogin.

For Safari users (version 16.1+), ensure the Login Redirect URL matches the specified format for Torq or Torq EU. If discrepancies arise, please contact Torq support for URL updates in your workspace before proceeding.

Screenshot of setting up an IdP connection in Torq.

2. Creating a New OpenID Connect Application in OneLogin

Transition to OneLogin to configure the OIDC application:

  1. Under Applications, opt to Add App.

  2. Search for "openid connect" and select the designated OIDC application.

    OIDC app
  3. Name the application (e.g., Torq) for easy identification.

Enhance the application's appearance with the Torq logo for users utilizing the OneLogin Applications launcher.

3. Configuring Your OneLogin Application

Proper configuration within OneLogin ensures smooth integration:

  1. In the Configuration tab, apply these settings:

    • Login URL: https://app.torq.io/auth/SSOSignIn?domain=<yourcompanydomain>.com

    • Redirect URIs: Include the standard and EU-specific URIs for Torq, ensuring comprehensive coverage.

  • Adjust settings in the Parameters tab to forward user roles effectively, especially if managing roles within OneLogin.

    Screenshot of configuring groups in OneLogin.
  • The Rules tab allows you to add a rule for sending group mappings, aligning with your organizational structure.

    onelogin-sso-configure-app
  • In the SSO tab, note down the Client ID, Client Secret, and Issuer URL for later use in Torq. Set the Application Type to Web and the Token Endpoint to Basic.

4. Assigning the Application to Users and Groups

Define which organizational users and groups should access Torq via the Users tab in OneLogin, ensuring only authorized individuals can utilize the SSO functionality.

5. Finalizing SSO Setup in Torq

Return to Torq to complete the setup by entering the previously noted Client ID, Client Secret, and Issuer URL in the IdP Connection section under Settings > SSO Login.

6. Defining SSO Claims Mapping in OneLogin

Lastly, configure the claims mapping in OneLogin to dictate the roles assigned to users within the Torq workspace, based on their claims. This ensures appropriate access levels and functionalities are granted to each user.

The mappings are interpreted in an ordered, top-down manner. The mapping assigning the highest privilege should be listed first, and the other mappings should be listed in descending privilege order. A user is assigned a role according to the first match, disregarding any following assignments.

Add claims mapping in Torq

Field

Value

Claim Name

The claim (field), as provided by the Identity Provider. As defined earlier, frequently used claims could include email for a particular user or group.

Claim Value

The expected value for the claim to assign a specific role to the user. Claim values are case-sensitive.

Role

The expected Torq role to assign.

Did this answer your question?