SSO / SAML - OneLogin

Paycor Legacy Support

May 8th, 2024 Updated

Please note: This article only applies to standalone customers. This article does not apply to those who are integrated into the broader Paycor HCM platform.

The 7Geese+OneLogin integration has a total of 2 configuration steps, a testing phase, and the final enabling step. Please be sure to read through the entire tutorial before beginning the integration to ensure configuration success.

  1. After logging into your OneLogin account, navigate to the top options menu and select Apps > Add Apps to begin the 7Geese Integration.
  2. In the search bar type in the following text: SAML Test Connector (IdP w/ attr w/ sign response).
  3. As an optional step, you can configure the display name and icon. Our logo and favicons are uploaded to this article. You can download them from the right-side menu.

Be sure to click save to create the new app integration.

Integration Setup

At this point in the application integration, you should open the 7Geese platform in a separate tab and work with the two web pages simultaneously. 

After saving the new SAML Test app head to the SSO tab to get access to the app configurations.

Under the "SSO" tab, you will need to copy the following information into the administrative settings in 7Geese.

  • Issuer URL
  • SAML 2.0 Endpoint (HTTP)
  • SLO Endpoint (HTTP)
  • X.509 Certificate details 

Enter the data you gathered in the previous section into the form, copying directly from the SSO tab in OneLogin.

Here's a guide of what information from OneLogin goes into the 7Geese integration fields:

7Geese Integration Fields

Go to SSO within OneLogin to access this information.

  • Step 1: Copy over the Issuer URL from OneLogin into the Issuer field on 7Geese
  • Step 2: Copy the same Issuer URL into the Metadata URL field on 7Geese
  • Step 3: Copy the same SAML 2.0 Endpoint (HTTP) URL into the SSO URL field on 7Geese
  • Step 4: Copy the same SLO Endpoint (HTTP) URL into the SLO URL field on 7Geese
  • Step 5: Copy the X.509 Certificate (Copy the certificate details from the View Details tab under the SSO section) into the X.509 Certificate field on 7Geese 

The page should show you your newly created SAML endpoints and indicate that the integration is still disabled. It is important that you do not activate your SAML integration just yet, as there is one final step in OneLogin.

OneLogin Configuration & Parameters

Once you have the 7Geese SAML integration setup, you have to manage the configurations and parameters for the integration in OneLogin. To add the information from the 7Geese platform back to OneLogin head to theConfiguration tab in OneLogin. 

You need to paste the following information: 


Next, head to the Parameters tab to set up the configuration for first name, last name, and position. Add new parameters called first_name and last_name and click "Include SAML assertion" for each parameter.

The position field is optional.

For each field, once they are setup you have to go back into the parameter and map it with it's corresponding value. 

Below is a screenshot including the two-step process for first_name

Be sure to save the app configurations and new parameters. 

Testing The Integration

  1. You should now be ready to test the integration.
  2. You can test the integration directly through the integrations tab under organization settings where you originally setup the OneLogin SAML parameters. 

    You will want to utilize the Assertion Consumer Service, or SSO Service URL: 
  3. Once tested, click Enable to sync OneLogin to 7Geese.

Adding new team members

To add new team members after OneLogin is setup for single-sign-on, invite the new team member from 7Geese. They'll be prompted to setup a password, where they'll be redirected to the login page. From here, they'll be able to select the SAML login option.