This guide walks you through configuring OneLogin as a SAML SSO identity provider (IdP) for the Pulumi Console.


Creating the OneLogin Application

The first step is to create a new OneLogin Application for Pulumi SSO:

  1. From the OneLogin Administration portal, go to the Applications page and click the Add App button.

  2. Search for SAML Test Connector (Advanced) and select it.

    Finding the SAML Test Connector App

  3. Enter a Display Name and optionally a logo. See Pulumi Logos.

  4. Click Save.

    Creating a OneLogin Application example

Configuring the OneLogin Application

Now configure the OneLogin Application with the SAML settings for Pulumi SSO.

Configure SAML URLs

Select the Configuration view for the application and enter/confirm the values in the following table.

Configuration Settings Value
Relay State
Audience (EntityID)
ACS Consumer URL Validator .*
ACS Consumer URL
SAML initiator OneLogin
SAML nameID format Email
SAML issuer type Specific
SAML signature element Response
SAML encryption method TRIPLEDES-CBC

Configuration settings example

Configure SSO Settings

Select the SSO view for the application and set/confirm the following:

SSO Settings Value
SAML Signature Algorithm SHA-512

SSO Settings

User Assignments

After the Pulumi SAML application has been created in OneLogin, the next step is to assign users to it. This will grant specific users or groups access to sign into Pulumi with their OneLogin-provided credentials.

To assign users or groups to the application, navigate to the Users tab in the OneLogin portal to add users and then assign them to the Pulumi SSO application.

User Assignments

Configuring Your Pulumi Organization

The final step is to configure the Pulumi Console with details on your new OneLogin-based SAML application. To do this, you need to obtain the IDP metadata document from OneLogin and then provide it to Pulumi.

First, navigate to the OneLogin Application you created above and click the More Actions drop down menu button and select SAML Metadata to download the metadata XML file.

Get Metadata

  1. Open the file and copy the entire block of XML text in your clipboard

  2. Open the Pulumi Console and navigate to your SAML organization.

  3. Click the Settings tab, and then select SAML SSO.

  4. Paste the IDP metadata XML into the bottom card titled SAML SSO Settings

    Pulumi Organization Settings

  5. Click Save at the bottom of the card.

Once the IDP metadata descriptor has been saved, you are all set to log into Pulumi.

Signing into Pulumi using OneLogin

Members of your OneLogin application can now sign into Pulumi. Navigate to and enter the name of your Pulumi organization.

Pulumi Console


If you run into any troubles configuring OneLogin, signing into Pulumi, or need some assistance, contact us.