
🔐 Single Sign-On (SSO) with SAML for OnePACS

OnePACS now supports Single Sign-On (SSO) via SAML 2.0, enabling seamless and secure authentication through your organization's identity provider (IdP), such as Okta, Azure Active Directory, or other SAML-compatible services.

✅ Benefits of Using SSO

  • Use Your Existing Credentials: Log into OnePACS with your corporate username and password.

  • Enhanced Security: Centralized authentication via your IdP supports stronger access controls, including MFA policies.

  • Improved User Experience: No need to manage a separate OnePACS password, so there are fewer credentials to remember and reset.

🧩 Supported Identity Providers

OnePACS SAML SSO is compatible with major IdPs, including:

  • Okta

  • Microsoft Azure AD

  • Google Workspace (SAML)

  • Ping Identity

  • Auth0

  • Any SAML 2.0-compliant IdP

Important Note: The OnePACS SAML Integration does not currently support user provisioning; however, this feature is planned for a future release. 

✅ Preconditions for SAML SSO Integration

Before configuring SAML Single Sign-On, ensure the following preconditions are met:

  1. Your Identity Provider (IdP) supports custom SAML attribute mappings.
    (e.g., Okta, Azure AD, ADFS)
  2. A custom SAML attribute named username is configured in your IdP.
    • Name/FriendlyName: username
    • Value: The user's login identifier (e.g., corporate username or email)
  3. The username attribute is included in the <AttributeStatement> of all successful SAML assertions.
  4. The IdP username (in the OnePACS application) must match the value passed back from this username attribute.
  5. You have access to modify attribute/claim mappings in your IdP’s SAML configuration.
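
One way to check preconditions 3 and 4 against a decoded assertion from a test login, as an added example (not OnePACS code). The sample assertion is constructed, the function names are hypothetical, and exact, case-sensitive matching is an assumption, since this page does not say how OnePACS compares the values. It checks the attribute mapping only and does not verify the assertion's signature.

```python
# Added example: checks a decoded SAML assertion for the `username` attribute.
# It inspects the attribute mapping only; it does NOT verify the XML signature.
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real IdP).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" FriendlyName="username">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def username_values(assertion_xml):
    """Return every value of an attribute whose Name or FriendlyName is `username`."""
    root = ET.fromstring(assertion_xml)
    values = []
    # Only look inside <AttributeStatement>, as the preconditions require.
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if "username" in (attr.get("Name"), attr.get("FriendlyName")):
            for v in attr.iterfind("saml:AttributeValue", NS):
                values.append(v.text or "")
    return values

def check_mapping(assertion_xml, onepacs_idp_username):
    """Return a list of problems; an empty list means the mapping preconditions hold."""
    values = username_values(assertion_xml)
    if not values:
        return ["no `username` attribute in <AttributeStatement>"]
    problems = []
    if len(values) > 1:
        problems.append("more than one `username` value: %r" % values)
    for v in values:
        if v != onepacs_idp_username:  # assumption: exact, case-sensitive match
            near = v.strip().lower() == onepacs_idp_username.strip().lower()
            hint = " (differs only by whitespace/case)" if near else ""
            problems.append("value %r does not match %r%s" % (v, onepacs_idp_username, hint))
    return problems

if __name__ == "__main__":
    for p in check_mapping(SAMPLE_ASSERTION, "jdoe") or ["ok"]:
        print(p)
```
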

📝 Setup Requirements

To configure SSO for your organization, complete the following steps:

  1. Log in to OnePACS using your OnePACS admin credentials.

  2. Click on Admin > Identity Providers.

  3. Click Add at the bottom left of the screen.

  4. Configure your Identity Provider, then click Save.

  5. Click on Admin > Users.

  6. Add or edit an existing user. Expand Identity Providers at the bottom left of the screen. Select the Identity Provider previously configured, along with the username from the IdP server associated with the particular OnePACS user being updated.

    Note: The IdP username must match the value passed back from the username attribute.

Important Note: Admins are required to create users or assign existing users to Identity Providers (IdPs) for users to authenticate.

Please reach out to our support team if you need setup assistance.

🛠️ How It Works

Once SSO is configured for your account:

  1. Navigate to your OnePACS landing page, i.e., web.onepacs.com, my.onepacs.com.

  2. Enter your OnePACS username

  3. You will be redirected to your IdP login page

  4. Authenticate using your corporate credentials

  5. Upon successful login, you're automatically redirected back into OnePACS
