Articles in this section

OneLogin setup

Follow these steps to set up OneLogin as an SSO provider for the Tipalti app.

  1. In OneLogin, go to "Applications" and click "Add App" to add a new application.
  2. On the "Find Applications" screen, in the search bar, type "OpenId Connect" or "oidc" and click "Enter".
  3. From the search result, select the "OpenId Connect (OIDC)" app.

    4. Find OpenOD Connect (OIDC) application

On the "Add OpenId Connect (OIDC)" screen:

  1. Go to "Info" and complete the following fields.
    1. In the "Display Name" field, type:
      • "Tipalti-Sandbox", if you are setting up the Sandbox app.
      • "Tipalti-Production", if you are setting up the Production app.
    2. (Optional) You can add icons for the app tiles. Please adhere to the following guidelines for the icons.
      • Rectangular icon: A transparent PNG or SVG file with aspect ratio 2.64:1
      • Square icon: A transparent PNG or SVG file with minimum 512px x 512px

      3. OpenID Connect screen

    3. Click "Save" to be taken to the "Application Info" page.
  1. Go to "Configuration" and complete the following fields.
    1. (Optional) In the "Login URL", copy and paste the following URLs for the Tipalti app.
      • For Sandbox: https://aphub2.sandbox.tipalti.com/#/login/login-user-name
      • For Production: https://aphub2.tipalti.com/#/login
    2. In the "Redirect URI" field, copy and paste the following URIs as a comma-separated list, or each on a separate line. You need to add 2 URIs for each environment.
      1. For Sandbox: 
        • https://console2.sandbox.tipalti.com/api/v0/account/authorizesso
        • https://sso.sandbox.tipalti.com/api/authorization/v1/authorizesso
      2. For Production:
        • https://hub.tipalti.com/api/v0/account/authorizesso
        • https://sso.tipalti.com/api/authorization/v1/authorizesso

      3. App configuration

    3. Click "Save".

You need to copy the credential values from OneLogin, and paste into a secured text password-sharing application (e.g., 1Password, Vault), as you need to provide Tipalti with these values for each application (Sandbox and Production) to complete the setup process.

On the "Add OpenId Connect (OIDC)" screen, go to "SSO" and complete the following steps.

  1. Copy the value in the "Client ID" field and paste it into the secured text password-sharing application.
  2. In the "Client secret" field, click the "Show client secret" link or the "Regenerate client secret" link, copy the value, and paste it into the secured text password-sharing application.
  3. In the "Issuer URL", right-click the "Well known Configuration" link, copy the value, and paste it into the secured text password-sharing application.

    4. Typically, the well-known URL has the following format: https://<YOUR_ONELOGIN_DOMAIN>/oidc/2/.well-known/openid-configuration where "YOUR_ONELOGIN_DOMAIN" is the domain of the OneLogin application's Issuer.
    For example, if the Issuer was https://<your-company>.OneLogin.com, then the well-known URL would be https://<your-company>.onelogin.com/oidc/2/.well-known/openid-configuration

  1. Send the document to Tipalti to finish the SSO configuration process.

    2. Once Tipalti confirms that your credentials have been received, destroy the document.

  2. In the "Token Endpoint" field, for the "Authentication Method", select "Post" .

    3. SSO tab in OneLogin app

  3. Go to Users > Role and complete the following steps.
    1. In the search bar, type Tipalti Sandbox/ Tipalti Production and click "Search".

      2. Search roles

    2. From the search result, click the app. On the "Role Apps" screen, a check mark displays beside the app.

      3. Role Apps page

    3. To add users to that role, click "Users" and add users manually.

      4. Add users manually

  4. Assign access to the application to all your employees that require access to Tipalti and save the configurations.