How to configure Single Sign-On to Continu using OneLogin as the identity provider, via SAML 2.0.
Continu supports SAML 2.0 single sign-on. When configured, users authenticate through your identity provider rather than entering Continu-specific credentials. The integration handles login, plus optional attribute pass-through (first name, last name, additional fields).
This guide covers OneLogin specifically. For other identity providers, see the related articles linked below. For the strategic context on user provisioning and identity, see Provisioning and Sync: How User Data Flows Into Continu.
How to Configure OneLogin SSO
1. From your OneLogin admin portal, select Applications, then Add App to add an integration from the catalog.
2. In the search box, type continu and select the top SAML 2.0 application.
3. Change the display name if desired. Click save.
4. Open the configuration tab. Enter your Continu subdomain in the subdomain field. (For example, if you access Continu at https://goodcompany.continu.co, enter goodcompany.) Click save.
5. Open the parameters tab.
6. Default parameters are sufficient for most setups. To pass additional information (saved on Continu user records), click the + icon. Otherwise, skip to step 12.
7. In the Field name input, type the name of the field Continu expects. (Acceptable field names are listed at the end of this article.)
8. In the Value field, select the OneLogin attribute that should map to it.
9. Toggle Include in SAML assertion to ensure the attribute is passed.
10. Save the parameter.
11. Repeat for each additional attribute you want to pass.
12. Open the SSO tab. Copy the Issuer URL and download the X.509 Certificate.
13. In Continu, go to Admin > Integrations and select SAML 2.0.
14. Paste the OneLogin Issuer URL into SAML 2.0 Endpoint. Paste the certificate into the X.509 field.
15. Submit. Assign the Continu app to OneLogin users to grant them access.
Acceptable Continu Field Names for Parameter Mapping
email, firstName, lastName, title, department, location, manager, employeeId, and other custom attributes your instance supports.
Casing matters — match Continu's expected names exactly.
Configuration Pitfalls
Forgetting to Toggle "Include in SAML Assertion". A parameter configured but not toggled into the assertion isn't actually passed during authentication. User records remain missing the attribute.
Subdomain Without Protocol. The subdomain field expects just the subdomain (goodcompany), not the full URL. Pasting the full URL fails.
Attribute Name Casing. firstName vs firstname — Continu's expected casing must match exactly.
Forgetting User Assignment. Adding the Continu app to OneLogin doesn't automatically grant access. Users still need to be assigned to the app.
Issuer URL Pasted Without Trailing Path. The OneLogin Issuer URL is a complete URL — copy-paste in full. Truncated URLs produce authentication failures.
Where This Fits
You're here because you're configuring OneLogin SSO. For other identity providers, see the related articles. For the broader provisioning context, see Provisioning and Sync: How User Data Flows Into Continu.
See Also
- Provisioning and Sync: How User Data Flows Into Continu — the strategic anchor.
- Setting Up Single Sign On via Okta — Okta setup.
- Single Sign on via Google — Google Workspace setup.
- Single Sign on via JumpCloud — JumpCloud setup.
- Active Directory (ADFS) using SAML 2.0 — Microsoft ADFS setup.