Skip to content

Single Sign-On (SSO) to OnlyOffice#

Follow these instructions to configure the Gluu Server and OnlyOffice for SSO.

Configure OnlyOffice#


Review the docs for configuring OnlyOffice SSO.

  1. Sign in to the OnlyOffice portal with an administrative account

  2. Navigate to the Control Panel


  3. Click SSO (on the left menu), and select Enable Single Sign-on Authentication


  4. Load metadata to fill the required fields automatically. Shibboleth provides the IdP metadata file at https://{shibboleth-idp-domain}/idp/shibboleth. Store the shibboleth.xml filein the local machine and upload it with the SELECT FILE button.

  5. The Name ID format must be Transient


  6. In the Public Certificates section, check the box for both Verify Authentication Response Signature and Verify Logout Request Signature


  7. Inside the SP Certificates section, keep the default values for Attribute Mapping


  8. Click the Save button


Configure Gluu Server#

Now, follow the instructions below to create a SAML Trust Relationship (TR) for OnlyOffice in the Gluu Server.


Review the docs for creating SAML TRs.

Trust Relationship#

  1. Create a TR by clicking Saml, then Add Trust Relationship. Use the following fields:
    • Display Name: Name the TR (e.g. OnlyOffice SSO)
    • Description: Provide a description for the TR (e.g. SAML SSO TR for OnlyOffice)
    • Metadata Type: Select File
  2. Upload the OnlyOffice metadata (downloaded during OnlyOffice configuration)
  3. Release the following attributes: TransientID and Email
  4. Add the TR
  5. Select Configure Relying Party
  6. Add the following configurations:
    • Select SAML2SSO
    • includeAttributeStatement: Enabled
    • assertionLifetime: keep the default
    • assertionProxyCount: keep the default
    • signResponses: conditional
    • signAssertions: never
    • signRequests: conditional
    • encryptAssertions: conditional
    • encryptNameIds: never
    • Save
  7. Click Update
  8. Click Activate



Now, configure the NameID:

  1. Navigate to Configure custom NameID
  2. Click Add NameID Configuration

    • Check Enabled
    • For Source Attribute, select Email for the Source Attribute
    • For NameId Type, select emailAddress


  3. Click Update


  • Attempt to access the Only Office dashboard.
  • Click the button Single Sign-On
  • Enter your credentials in Gluu and login
  • You will be redirected back to the OnlyOffice dashboard with an active session