OneLogin
How to integrate Onelogin with Apono to manage access of users and groups
OneLogin
Overview
OneLogin is a cloud-based identity and access management (IAM) provider that specializes in single sign-on (SSO) and multi-factor authentication (MFA) solutions. These services are scalable, secure, and easily integrated into various business environments. OneLogin helps organizations manage and secure real-time user access to applications and data across different devices and environments.
Apono's integration with OneLogin provides a seamless way to synchronize your OneLogin users and groups with Apono. This allows you to easily define policies for existing users and groups within Apono.
Who Should Read This
DevOps creating Access Flows
Professionals in the organization who manage the OneLogin identity provider
Prerequisites
Apono account with Admin privileges
OneLogin account with Super User privileges. Learn more about OneLogin privileges in this OneLogin knowledge base article
Integrate with OneLogin
Follow these steps to integrate Apono with OneLogin:
1. Create API credentials from the OneLogin Admin UI
Log into your OneLogin organization using an admin account.
Click the Administration button in the top-right corner of the Admin Dashboard.
In the menu, navigate to Developers and then click on API Credentials.
Click the New Credential button and create credentials with the Read users scope.
Record the Client ID and Client Secret. You can always access these credentials by returning to the API Credentials page.
2. Find Your Organization's Base Domain
Once you have logged in to OneLogin, you can find your organization's domain in the URL bar of your browser. Remove "https://" prefix and any "/. suffix so that you are left with a domain that looks like this example.onelogin.com. Record the base domain for the next step.
3. Integrate with OneLogin
Log into Apono.
Fill in the integration details:
Integration name
Your name for the integration. It will be used when managing Access Flows
Domain
Your organization's OneLogin base domain from the previous step
Client ID
The Client ID from OneLogin's API credentials created above
Client Secret
The Client Secret from OneLogin's API credentials created above
Group Mapping Strategy
Select how users from OneLogin should be mapped to Apono. The choices are: - Groups: Use the default OneLogin groups for mapping - Roles: Use OneLogin Roles to map users to groups
Custom Manager Attribute Name
If necessary, specify the name of the OneLogin attribute that contains users' manager names. For more information, see below
Submit the form when it has been completed, and the new OneLogin integration should appear immediately. Find the OneLogin item in the Apono catalog and navigate to the Connected tab to confirm that the Apono integration was successful.
More about the Manager Attribute
The Manager Attribute is used by Apono to find each user's manager within the OneLogin system. By specifying a manager attribute name, Apono can accurately locate the manager associated with each user. If the attribute name is not specified, Apono will default to using OneLogin's predefined attribute, which is Manager
.
If you prefer not to use OneLogin's default method, you have the option to utilize Custom Attributes in OneLogin to specify the user manager.
Note that the manager attribute must contain either the manager's email address or their ID (OneLogin user ID).
For additional information on how to configure custom attributes in OneLogin, please refer to Custom User Fields in the OneLogin Knowledge Base.
Results
Return to the Integrations page Connected tab where you will see that OneLogin is now active. Click it to view the details of the integration.
Next Steps
With a successful connection to OneLogin, you can now create access flows for the resource.
References
Troubleshooting
Refer to Troubleshooting Errors for information about errors that may occur.
Last updated