🔐 Single Sign-On (SSO) with SAML for OnePACS
OnePACS now supports Single Sign-On (SSO) via SAML 2.0, enabling seamless and secure authentication through your organization's identity provider (IdP), such as Okta, Azure Active Directory, or other SAML-compatible services.
✅ Benefits of Using SSO
Use Your Existing Credentials: Log into OnePACS with your corporate username and password.
Enhanced Security: Centralized authentication via your IdP supports stronger access controls, including MFA policies.
Improved User Experience: No need to manage a separate OnePACS password, so there are fewer credentials to remember and reset.
🧩 Supported Identity Providers
OnePACS SAML SSO is compatible with major IdPs, including:
Okta
Microsoft Azure AD
Google Workspace (SAML)
Ping Identity
Auth0
Any SAML 2.0-compliant IdP
Important Note: The OnePACS SAML Integration does not currently support user provisioning; however, this feature is planned for a future release.
✅ Preconditions for SAML SSO Integration
Before configuring SAML in OnePACS, configure the application in your SSO provider using the following information.
OnePACS' SAML ACS URL: https://<your-subdomain>.onepacs.com/login/saml/acs
A custom SAML attribute named username is configured in your IdP. The user's login identifier (e.g., corporate username or email) should be used.
The username attribute is included in the <AttributeStatement> of all successful SAML assertions.
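The preconditions above can be checked before switching users over. The following is an added example, not OnePACS code: it takes the base64 SAMLResponse form value from a test login and reports whether the response is addressed to the ACS URL and carries a single username attribute. It assumes an unencrypted assertion and an exact match on the name username; the subdomain and sample response are constructed placeholders, and it does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Placeholder subdomain; substitute your own OnePACS subdomain.
ACS_URL = "https://example-subdomain.onepacs.com/login/saml/acs"

def check_response(saml_response_b64, expected_acs_url):
    """Return a list of problems; an empty list means the preconditions hold."""
    # Only feed this a response captured from your own IdP test login.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Destination") != expected_acs_url:
        problems.append("Destination does not match the OnePACS ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return problems + ["expected exactly one Assertion, found %d" % len(assertions)]
    # Collect every value of every attribute named exactly "username".
    values = [
        (v.text or "").strip()
        for attr in assertions[0].findall("saml:AttributeStatement/saml:Attribute", NS)
        if attr.get("Name") == "username"
        for v in attr.findall("saml:AttributeValue", NS)
    ]
    if not values:
        problems.append("no 'username' attribute in AttributeStatement")
    elif len(values) > 1 or not values[0]:
        problems.append("'username' must carry exactly one non-empty value")
    return problems

def sample_response(attr_name, acs_url):
    # Constructed, unsigned sample shaped like an IdP response; not real traffic.
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" Destination="%s">'
        '<saml:Assertion><saml:AttributeStatement>'
        '<saml:Attribute Name="%s"><saml:AttributeValue>jdoe@example.com'
        '</saml:AttributeValue></saml:Attribute>'
        '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"], acs_url, attr_name)
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_response(sample_response("username", ACS_URL), ACS_URL))
    print(check_response(sample_response("email", ACS_URL), ACS_URL))
```

The value the check finds for username is the one to enter as the IdP username when assigning the user in OnePACS.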
📝 OnePACS Setup Requirements
To configure SSO for your organization, you’ll need to do the following:
Log in to OnePACS using your OnePACS admin credentials.
Identity Provider Configuration
Click on Admin > Identity Providers
Click Add at the bottom left of the screen.
Configure your Identity Provider in OnePACS with the metadata or information provided by your IdP below.
Friendly Name for OnePACS
IdP Managers (Add facility managers by clicking in the IdP managers box, or click the magnifying glass to select multiple facility managers)
SSO URL from your IdP
Entity ID from your IdP
Certificate
Assigning Users to IdPs
Click on Admin > Users
Add or edit an existing user. Expand Identity Providers at the bottom left of the screen. Select the Identity Provider previously configured, along with the username from the IdP server associated with the particular OnePACS user being updated.
The IdP username must match the value passed back from this username attribute.
Important Note: Admins are responsible for creating Identity Providers (IdPs). They can either add users directly or delegate access by assigning privileges to facility managers, who can then add other facility managers, facility users, or assign existing users to IdPs for authentication.
Please reach out to our support team if you need assistance with setup.
🛠️ How It Works
Once SSO is configured for your account:
Navigate to your OnePACS landing page, i.e., web.onepacs.com, my.onepacs.com.
Enter your OnePACS username
You will be redirected to your IdP login page
Authenticate using your corporate credentials
Upon successful login, you're automatically redirected back into OnePACS