Scheduled maintenance: Tuesday 2nd September 2025

We will be carrying out scheduled maintenance on RPL and Login on Tuesday, 2nd September. During this period, there will be downtime between 7:00am and 7:30am.
Please make sure you are logged out of your account and have saved any work before this time.
Thank you for your understanding.

Upcoming System Update: Eportfolio & Learning Journal

On Wednesday, 3rd September 2025, we’ll be rolling out a series of enhancements to Eportfolio and the Learning Journal aimed at improving usability, accuracy, and the overall experience for both learners and assessors.

Release Notes
Full details of the changes can be found here.  

⏱️ Scheduled Downtime
Please note that there will be a brief service interruption between 07:00 and 07:30 AM on the day of the update.

⚠️Action Required
To avoid any data loss, make sure you’re logged out and have saved all work before 07:00 AM.


Welcome to the new Help Centre! ✨

You may have spotted our new and shiny company website - and that’s not all that’s changed! We now have dedicated Help Centres for each of our products to make it easier for you to find the right support. For a quick guide to what’s new and where to go, click here.

Submit a ticket Log in
  1. Home
  2. Guides and Support
  3. Integrations
  4. Single Sign-On

SAML

Adam Fogo
Modified on: Wed, 8 Jan, 2025 at 11:50 AM

We (OneFile) will use yourself as the identity provider to allow your users to authentication, we support SAML2 as a service provider. Our Meta data is available at the following URL: 

https://login.onefile.co.uk/api/samlsso/meta


Provisioning SAML users

Our system employs SAML user alignment to link OneFile users with your SAML accounts. This resolves the issue of users not sharing the same email domain due to variations in systems or organisational structures.

During user provisioning, an additional API call is required to set a unique identifier for the user account used in the authentication. This ensures secure access through SAML authentication.

Enabling SAML user alignment eliminates the constraint of shared email domains, accommodating diverse users and systems. This simplifies access and enhances security, allowing users from different domains to seamlessly connect with their designated SAML accounts, irrespective of email or domain differences.

User flow

  • When configuring your SAML Integration within OneFile, you must provide a domain field. This is used on our login page, if your users arrive at our site directly. Users click SSO on our login page, type in your domain (e.g. onefilecollege.ac.uk) and we will use SAML2 Post binding to send the user with an Authnrequest. 
  • We will give you a link such as login.onefile.co.uk/api/samlsso/{guid}. This guid is unique to your integration and you can use this in a simple HTML link on your site to start the authentication process for your users. This will generate and POST the Authnrequest to your system. 

AuthnRequests

As the Service Provider we will send you an AuthnRequest

  • We only use POST binding.
  • Our Authnrequest is not signed. 

SAML Response

  • We only support POST binding. 
  • We do not process any additional attributes.  
  • We expect the Subject NameId to contain a guid, which we refer to as the SAMLID. This guid is the representation of the user in your IdP system. 
  • We do support unsolicited SAML Response processing, so you can send us a SAML Response directly. 
  • We expect your SAML response to be signed using the certificate provided to us when you configured the integration in our system. 
  • SAML Responses must be signed using SHA256. 
  • RelayState is currently not implemented.


Multiple centre organisation?

If you're an organisation with multiple OneFile Centres, you'll only need to configure SAML on one centre and the changes will apply accross all centres linked to your organisation.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.

Other Guides