OneLogin

This article explains how to configure SAML login to GitProtect with OneLogin as the identity provider.

Last updated 9 months ago

Logging into GitProtect using SAML-integrated identity providers should be initiated from the GitProtect Management Service.

Remember to enable the switch for logging in using IdP authorization for existing users in the system. You can do this in the Settings -> Accounts tab.

Configuration

To set up SAML integration for GitProtect, log in to your own OneLogin portal, go to the "Applications" tab and click the "Add App" button. In the search box, type "SAML Custom Connector (Advanced)" and search.

Enter a custom name for the app in the "Display Name" field and click the "Save" button.

Next, go to the "Configuration" tab. Before filling it in, prepare the following values:

Reply URL - https://GitProtectManagementServiceURL/Auth/AssertionConsumerService

Logout URL - https://GitProtectManagementServiceURL/auth/SAMLLogoutResponse

where:

GitProtectManagementServiceURL - the URL address of your GitProtect Management Service. The address ends with ".com"; remove everything to the right of it.

Entity ID - a custom name identifying the application on the IdP side, e.g. XOPEROSAML.

Then enter the prepared values in the form on the OneLogin side.

  1. Audience (EntityID) - Entity ID

  2. ACS (Consumer) URL Validator* - Reply URL

  3. ACS (Consumer) URL* - Reply URL

  4. Single Logout URL - Logout URL

Then go to the SSO tab. Change "SAML Signature Algorithm" to SHA-256. Here, make a note of the "Issuer URL" value as you will need to use it to configure your application on the GitProtect side.

To properly handle LogOut, the private key of the entity that received the request is required. In GitProtect, you must use a file with the .pfx extension, which unfortunately cannot be downloaded directly from OneLogin. Therefore, use your own certificate or generate one for this integration.

Save all settings. Now you can proceed to assigning permissions to the users you want to use to log in to GitProtect. Go to the "Users" tab, select a user, and in the "Applications" tab, use the (+) button to add permissions to the application.

GitProtect side

Log in to the GitProtect Web panel, go to the Settings tab and open the External Identity Providers section. Click the Add new provider button and fill in the details.

First, fill in the Name field with your own custom name, e.g. OneLogin. Then enter the Entity ID, which in this example is XOPEROSAML (the custom name identifying the application, prepared at the beginning).

Next, paste the "Issuer URL" into the Metadata URL (with protocol) field.

On the GitProtect side, select the .pfx file containing the private key that matches the certificate on the OneLogin side. It can be protected by a password, which should be entered in the "Add new or select password from Password manager" field.

Then select the default Language and Role and additional permissions. Now you can save the finished integration with IdP via the Save button.

IdP login using SAML protocol

Remember that with this integration method it is not possible to trigger login from the application page in OneLogin. Login to the system should be triggered via the login button on the GitProtect service side.

Group mapping

You can use group mapping if you have many users to whom you want to assign different permissions.

Each new login to GitProtect resets permissions to default. So if you change permissions for a user, the change applies only during the active session. After the user logs in again, the permissions return to default.

The configuration has two parts: OneLogin and GitProtect. Start by configuring the OneLogin side. In the "User" tab, under "Roles", create the roles you want to use, for example "XONE viewers" and "XONE admins". Then assign specific roles to specific users.

Then, in the "Applications" tab, edit the SAML application. Go to the "Parameters" tab. There, use the (+) icon to create a new parameter. In Field name, enter "http://schemas.xmlsoap.org/claims/Group" and check both flags: Include in SAML assertion and Multi-value parameter. Press Save. In "Default if no value selected", select "User Roles" and Semicolon Delimited input (Multi-value output). Save the parameter using the "Save" button.

On the GitProtect side, when editing the IdP, select the "Group mapping" button. In Claim type, enter "http://schemas.xmlsoap.org/claims/Group", and in Claim value, enter the name of the role, e.g. XONE viewers. Select roles and permissions, then save. Repeat this step for each Role/Permissions you want to create.
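
To check what OneLogin sends for the Group parameter and which mapping rows it would hit, the following added example (not GitProtect or OneLogin code) parses a constructed SAML assertion. The role labels, the mapping table, exact case-sensitive matching and the fallback to a default role are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"

# Constructed sample: the attribute part of an assertion for a user holding
# both OneLogin roles, with "Multi-value parameter" enabled.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>XONE viewers</saml:AttributeValue>
      <saml:AttributeValue>XONE admins</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical stand-in for the "Group mapping" rows:
# (Claim type, Claim value) -> role label. The labels are placeholders.
GROUP_MAPPING = {
    (GROUP_CLAIM, "XONE viewers"): "viewer",
    (GROUP_CLAIM, "XONE admins"): "admin",
}
DEFAULT_ROLE = "default"  # assumed fallback when no row matches


def claim_values(assertion_xml, claim_type):
    """Return every value sent for claim_type, in document order.

    Troubleshooting aid only: it does not verify the assertion signature,
    and ElementTree is not hardened against malicious XML, so feed it only
    assertions captured from your own test login.
    """
    root = ET.fromstring(assertion_xml)
    values = []
    path = ".//saml:AttributeStatement/saml:Attribute"
    for attr in root.iterfind(path, SAML_NS):
        if attr.get("Name") != claim_type:
            continue
        for node in attr.iterfind("saml:AttributeValue", SAML_NS):
            # With the multi-value flag each role arrives in its own
            # element; without it a single element carries "a;b".
            for part in (node.text or "").split(";"):
                if part.strip():
                    values.append(part.strip())
    return values


def resolve_roles(assertion_xml, mapping=GROUP_MAPPING, default=DEFAULT_ROLE):
    """Return the role labels whose mapping row matches a sent claim value."""
    matched = []
    for (claim_type, claim_value), role in mapping.items():
        sent = claim_values(assertion_xml, claim_type)
        if claim_value in sent and role not in matched:
            matched.append(role)
    return matched or [default]


if __name__ == "__main__":
    print(claim_values(SAMPLE_ASSERTION, GROUP_CLAIM))
    print(resolve_roles(SAMPLE_ASSERTION))
```

An empty result from `claim_values` usually means the parameter name in OneLogin does not match the Claim type entered in GitProtect, or "Include in SAML assertion" was left unchecked.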

OneLogin offers a form where you can generate a self-signed certificate:

https://developers.onelogin.com/saml/online-tools/x509-certs/obtain-self-signed-certs
[Figures: identity provider authentication toggle; GitProtect management console, URL address; SAML OneLogin application configuration; SAML application configuration on the GitProtect side; OneLogin roles; OneLogin SAML application parameters; GitProtect group mapping.]