This article explains how to use OneLogin to sign your users into Digital Theatre+.
Instructions
Add the DT+ App
- Sign into your OneLogin tenant. Your tenant will be accessed via a URL unique to your organisation, for example: https://<your-organisation>.onelogin.com
- Click Applications
- Click Add App
- In the Search field, enter: Digital Theatre
- Select the DT+ SAML 2.0 Application
- Modify the Display Name to be: Digital Theatre+ (to avoid confusion)
- Click Save
Once saved, additional configuration options will become available.
Gather information to send to Digital Theatre+
- Click SSO
- Under X.509 Certificate, click View Details
- Download the X.509 PEM Certificate
- Click Applications
- Click the Digital Theatre Application you added in the previous step
- Click SSO
- Send the following information to the Digital Theatre+ team via https://sso.digitaltheatreplus.com:
  - SAML Signature Algorithm (either SHA-1 or SHA-256)
  - Issuer URL
  - SAML 2.0 Endpoint (HTTP)
  - X.509 Certificate
  - Email domains that your users sign in with (so that users are redirected to your OneLogin Identity Provider when they go to https://edu.digitaltheatreplus.com, click Sign In and enter their email address)
Apply the ACS URL suffix
Digital Theatre+ support will provide the ACS URL after importing the information you sent in the previous step.
- Click Configuration
- Put the last part of the ACS URL (the suffix) into the ACS URL suffix field
  - For example, if Digital Theatre+ support provided an ACS URL of https://auth.digitaltheatreplus.com/sso/saml2/0oa9yuusintknvTx44x7 then 0oa9yuusintknvTx44x7 is the value you need to put in this field.
- Click Save
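The following Python pre-flight is an added example, not part of the original article and not OneLogin or Digital Theatre+ tooling. It checks the values listed under "Gather information to send to Digital Theatre+" (in particular that the file being sent holds one certificate and no private key) and extracts the suffix from the ACS URL that support returns. The function names are hypothetical, the ACS host is taken from the article's example URL, and the SHA-1 warning reflects the general deprecation of SHA-1 for signatures, not a stated Digital Theatre+ requirement.

```python
import base64
import re
from urllib.parse import urlsplit

DTP_ACS_HOST = "auth.digitaltheatreplus.com"  # host from the article's example ACS URL
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def check_certificate(pem_text):
    """Return a list of problems with the PEM text that is about to be sent."""
    blocks = PEM_BLOCK.findall(pem_text)
    problems = []
    if any("PRIVATE KEY" in label for label, _ in blocks):
        problems.append("file contains a private key; send only the certificate")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        problems.append(f"expected exactly 1 CERTIFICATE block, found {len(certs)}")
    for body in certs:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("certificate body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
            problems.append("decoded data is not a DER SEQUENCE")
    return problems

def check_idp_values(algorithm, issuer_url, endpoint_url):
    problems = []
    if algorithm not in ("SHA-1", "SHA-256"):
        problems.append(f"unknown signature algorithm {algorithm!r}")
    elif algorithm == "SHA-1":
        problems.append("SHA-1 is deprecated for signatures; select SHA-256 if available")
    for name, url in (("Issuer URL", issuer_url), ("SAML 2.0 Endpoint", endpoint_url)):
        if urlsplit(url).scheme != "https":
            problems.append(f"{name} is not an https URL")
    return problems

def acs_suffix(acs_url):
    """Return the last path segment of the ACS URL, or raise ValueError."""
    parts = urlsplit(acs_url)
    if parts.scheme != "https" or parts.hostname != DTP_ACS_HOST:
        raise ValueError("ACS URL is not https on " + DTP_ACS_HOST)
    suffix = parts.path.rstrip("/").rsplit("/", 1)[-1]
    if not re.fullmatch(r"[A-Za-z0-9]+", suffix):
        raise ValueError("unexpected characters in ACS suffix")
    return suffix

if __name__ == "__main__":
    print(acs_suffix("https://auth.digitaltheatreplus.com/sso/saml2/0oa9yuusintknvTx44x7"))
```

`check_certificate` only inspects the PEM framing and the outer DER tag; it does not verify the certificate's validity period or that it matches the one shown in your OneLogin tenant.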
Test Sign In
- Using your web browser, go to the full ACS URL. This triggers the sign-in flow. You will be redirected to your OneLogin Identity Provider.
- Enter your credentials (if not already signed in)
- You will be authenticated to Digital Theatre+
Confirm Sign In is working
- Let Digital Theatre+ support know that sign-in is working for you. Redirection of users signing in with your email domain(s) will then be enabled.