SSO: Configuring OneLogin for Use with InVision V7
This article provides answers for InVision V7 only. Not sure which version you're using? Find out now.
Getting set up to use OneLogin with InVision V7 involves two primary tasks:
- Add InVision as a new application in OneLogin.
- Configure OneLogin in InVision V7.
Adding the InVision app in OneLogin
To add the InVision app in OneLogin:
- Sign in to your OneLogin admin page, click Applications in the main navigation, and click Add App.
- In the search bar, enter "InVision"; click InVision App in the results list, and then click Save.
- On the left side, click Configuration.
- In the Subdomain field, enter your InVision team's unique subdomain (e.g.,
your-subdomain.invisionapp.com), and then click Save.
- On the left side, click SSO.
- Make note of the URL in the SAML 2.0 Endpoint (HTTP) field.
You'll need this URL for the "Configuring OneLogin in InVision V7" instructions below.
- Below the X.509 Certificate field, click View Details, and set the SHA fingerprint dropdown to SHA256.
- Copy the X.509 certificate, and then click Save.
You'll need the certificate for the "Configuring OneLogin in InVision V7" instructions below.
Configuring OneLogin in InVision V7
To perform this action, you must be an owner on the Enterprise account.
To use and configure OneLogin as your Enterprise team's IdP in InVision V7:
- Sign in to your InVision Enterprise here:
- In the lower-left corner, click the [Your Team Name] dropdown, and then click People & Team settings.
The Team page will open with the People tab active.
- Click the Settings tab, and then click Single sign-on.
- Toggle on Require SSO for every member of [your Enterprise team].
- Enter the details you gathered during steps 6 and 8 of the "Add the InVision app in OneLogin" instructions:
- In the SAML Certificate field, paste the X.509 Certificate data you copied in OneLogin.
- In the Sign-in URL field, enter the SAML 2.0 Endpoint (HTTP) URL you saw in OneLogin.
- Click the HASH Algorithm dropdown and select SHA-256.
- In the SSO Button Label field, enter the name you want your InVision Enterprise members to see when signing in (e.g., "Sign in with OneLogin").
- Fine-tune the sign-in experience as wanted, and then click Update.
After completing the steps above for both OneLogin and InVision, any time a user attempts to sign in to your InVision V7 subdomain, they will be prompted to use SSO with OneLogin.