Getting started
Overview
Quickstart guides
Production checklist
Integration & migration
Connect external storage
Migrate to ImageKit
Image & video API
Transform and adapt
Optimize for web delivery
Core delivery features
DAM user guide
DAM overview
Sharing and collaboration
Embeddable ML widget
API overview
Introduction
API keys
Webhooks
API Reference
Account
Account management
User management
Session management
Central audit logs
Single sign-on (SSO)
Azure
Okta
OneLogin
AD FS
Billing and subscription
Pricing Plan Parameters
Usage analytics
Sub-accounts

OneLogin SSO Setup

Learn how to set up Single Sign-On (SSO) for ImageKit using OneLogin as the Identity Provider (IdP).

There are two main steps required to set up SSO using OneLogin on ImageKit:

  1. Create a OneLogin application
  2. Enable SSO login on ImageKit

OneLogin subscription

Although you may use a free account on OneLogin to set up and test the SSO application, having a premium OneLogin subscription is recommended for seamless role provisioning for your users. Read more here.

Create a OneLogin application

First, you need to create an application on OneLogin and generate a SAML Metadata XML file.

You may refer to the official documentation by OneLogin here or follow our brief guide below:

  1. Log in to the OneLogin portal and open the Administration panel
  2. Navigate to the "Applications" screen using the top navigation menu
  3. Click the "Add App" button, then search for "SAML Custom Connector"
  4. Choose the correct "Advanced" connector as shown below
  5. Input a name for the application, we will use "ImageKit" for this guide

Click "Save" and wait until you are redirected to the application page.

Configure single sign-on options

On the application page, navigate to the 'Configuration' screen.

Basic SAML configuration

On this screen, we will configure various authentication parameters:

FieldValue
RelayStatehttps://imagekit.io/dashboard
Audience (EntityID)https://imagekit.io/saml/consume
Recipienthttps://imagekit.io/saml/consume
ACS (Consumer) URL Validatorhttps://imagekit.io/saml/consume
ACS (Consumer) URLhttps://imagekit.io/saml/consume
Single Logout Urlhttps://imagekit.io/logout
SAML initiatorOneLogin
SAML nameID formatEmail

Leave the rest of the values as they are.

Note: Name ID is the unique email address of the user that will be used to identify them on ImageKit.

SSO signature settings

Navigate to the "SSO" tab and change the value of "SAML Signature Algorithm" to SHA-256.

You may also note an alternate link to obtain SAML Metadata XML below it.

Attributes and claims

Now you need to specify three custom keys that ImageKit uses to authorize and provision your users:

Field Description Claim example
imagekit_idThe ImageKit ID of your organization account.<your_imagekit_id>
full_nameThe full name of the user.e.g., Jade Smith

imagekit_role

The role to assign to the user on ImageKit that would decide their access privileges. Accepted values of this key in the SAML response sent to ImageKit are:

  • account_administrator
  • developer
  • media_library_full_access
  • media_library_view_only_access
  • media_library_restricted_access
  • finance

Read more about different ImageKit roles and their privileges here.

e.g., developer
The final computed value of this claim must be one of the accepted role strings from the list specified alongside.

To do this, you need to create "Custom User Fields" on OneLogin. Read the official guide here or follow the quick version below.

Navigate to "Users > Custom User Fields", and create user attributes that will be mapped and sent to ImageKit during authentication.

Back on the application page under the "Parameters" section, ensure that these fields are included correctly in your OneLogin user object.

Assign users to the SSO application on OneLogin

Assign users to the ImageKit application by going to the Users section, selecting a user, and navigating to the Applications tab on the user's details page.

Save your assignments before proceeding further.

SAML Metadata XML

Navigate to the application setup screen and use the popover menu highlighted here to download the SAML Metadata XML file.

Save it in a safe location. You will need to upload this XML file to your ImageKit account in a later step.

Enable SSO login on ImageKit

If you have administrator privileges on your ImageKit account, you can enable SSO for all the users in your account as follows:

  1. Navigate to the Settings page.
  2. Open the SAML Metadata XML file (which was downloaded previously) in a text editor of your choice.
  3. Copy and paste the contents of the file into the Metadata XML input box.
  4. Click on the 'Save' button.

Your users should now be able to use OneLogin SSO to log into ImageKit.

First-time login

SSO users would need to initiate their very first login on ImageKit through the ImageKit app by navigating to their dashboard on OneLogin.

After their first login, they may use the ImageKit SSO login page for signing in to ImageKit directly. Read more here.

Disable SSO login on ImageKit

You can disable SSO login for the users on your ImageKit account by deleting the Metadata XML.

To do so, navigate to the Settings page and click on the 'Delete' button.

Got any questions? Contact us - support@imagekit.io