To configure OneLogin for use with InVision, there are four main steps to the process:
- Add InVision as a new application in OneLogin.
- Add your users to the application.
- Download the metadata for the application.
- Send the metadata to InVision's Support team, so we can finish the configuration.
This document walks you through that process.
Note: Before implementing SSO for your Enterprise, we recommend ensuring that the Enable password expiration option is toggled off in your Password Policy settings. With SSO enabled, password expiration via InVision (rather than your SSO provider) may prevent some of your members from accessing your Enterprise account if they forget their native InVision password.
Adding InVision as a new application in OneLogin
- Sign in to OneLogin as an admin.
- Click Apps > Add Apps.
- In the search field in the upper left corner, enter "InVision" and click the "InVision App" entry which supports SAML.
- Click Save to add the app to OneLogin.
- Click the Configuration tab and enter your InVision subdomain in the Subdomain field.
- Click the SSO tab and select SHA-256.
- Click the Users tab and assign users who should be able to access InVision to the app.
- Click Save.
- Click the More Actions dropdown and click SAML Metadata to download the IdP metadata for OneLogin.
Sending metadata to InVision Support
Once you've downloaded your metadata from OneLogin, the Owner or an Admin on your InVision Enterprise organization will need to submit a request to InVision's Support team to finish the configuration. You can submit that request by going to https://support.invisionapp.com/hc/en-us/requests/new. Be sure to attach the metadata that you downloaded in the last step above.
Once you've sent us the metadata, do not delete/re-create the application in OneLogin. Doing so will change the metadata and will require that you repeat the above steps in order to get OneLogin working with InVision again.