# OneLogin

## OneLogin

## Overview

OneLogin is a cloud-based identity and access management (IAM) provider that specializes in single sign-on (SSO) and multi-factor authentication (MFA) solutions. These services are scalable, secure, and easily integrated into various business environments. OneLogin helps organizations manage and secure real-time user access to applications and data across different devices and environments.

Apono's integration with OneLogin provides a seamless way to synchronize your OneLogin users and groups with Apono. This allows you to easily define policies for existing users and groups within Apono.

### Who Should Read This

* DevOps creating Access Flows
* Professionals in the organization who manage the OneLogin identity provider

## Prerequisites

* Apono account with **Admin** privileges
* OneLogin account with **Super User** privileges. Learn more about OneLogin privileges in this OneLogin [knowledge base article](https://support.onelogin.com/kb/4267043/privileges)

## Integrate with OneLogin

Follow these steps to integrate Apono with OneLogin:

### 1. Create API credentials from the OneLogin Admin UI

1. Log into your OneLogin organization using an admin account.
2. Click the **Administration** button in the top-right corner of the Admin Dashboard.
3. In the menu, navigate to **Developers** and then click on **API Credentials**.
4. Click the **New Credential** button and create credentials with the **Read users** scope.

<figure><img src="https://1094436629-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fv6MBfUGvblSdAz31yJXm%2Fuploads%2Fgit-blob-9c89618c9bb87ad88fc390fa0edd5c784e26ab74%2FOneLogin-1.png?alt=media" alt="" width="425"><figcaption></figcaption></figure>

Record the **Client ID** and **Client Secret**. You can always access these credentials by returning to the **API Credentials** page.

### 2. Find Your Organization's Base Domain

Once you have logged in to OneLogin, you can find your organization's domain in the URL bar of your browser. Remove "https\://" prefix and any "/*.* suffix so that you are left with a domain that looks like this **example.onelogin.com**. Record the base domain for the next step.

### 3. Integrate with OneLogin

1. Log into Apono.
2. Find the OneLogin entry in the Apono [Catalog](https://app.apono.io/catalog) and click **Connect** button to display the integration form (you can use [this link](https://app.apono.io/catalog/add-integration/onelogin-idp) to go directly to the OneLogin integration form).
3. Fill in the integration details:

<table><thead><tr><th width="251">Parameter</th><th>Value</th></tr></thead><tbody><tr><td><strong>Integration name</strong></td><td>Your name for the integration. It will be used when managing Access Flows</td></tr><tr><td><strong>Domain</strong></td><td>Your organization's OneLogin base domain from the previous step</td></tr><tr><td><strong>Client ID</strong></td><td>The Client ID from OneLogin's API credentials created above</td></tr><tr><td><strong>Client Secret</strong></td><td>The Client Secret from OneLogin's API credentials created above</td></tr><tr><td><strong>Group Mapping Strategy</strong></td><td>Select how users from OneLogin should be mapped to Apono. The choices are:<br>- <strong>Groups</strong>: Use the default OneLogin groups for mapping<br>- <strong>Roles</strong>: Use OneLogin Roles to map users to groups</td></tr><tr><td><strong>Custom Manager Attribute Name</strong></td><td>If necessary, specify the name of the OneLogin attribute that contains users' manager names. For more information, see below</td></tr></tbody></table>

Submit the form when it has been completed, and the new OneLogin integration should appear immediately. Find the OneLogin item in the Apono catalog and navigate to the **Connected** tab to confirm that the Apono integration was successful.

### More about the Manager Attribute

The Manager Attribute is used by Apono to find each user's manager within the OneLogin system. By specifying a manager attribute name, Apono can accurately locate the manager associated with each user. If the attribute name is not specified, Apono will default to using OneLogin's predefined attribute, which is `Manager`.

If you prefer not to use OneLogin's default method, you have the option to utilize Custom Attributes in OneLogin to specify the user manager.

> Note that the manager attribute must contain either the manager's **email address** or their **ID** (OneLogin user ID).

For additional information on how to configure custom attributes in OneLogin, please refer to [Custom User Fields](https://onelogin.service-now.com/support?id=kb_article\&sys_id=17bbbe551b5e65d0c12a41d5ec4bcbda\&kb_category=fdf52dfcdbd45340d5505eea4b96192b) in the OneLogin Knowledge Base.

### Results

Return to the [Integrations page](https://app.apono.io/catalog) Connected tab where you will see that OneLogin is now active. Click it to view the details of the integration.

### Next Steps

With a successful connection to OneLogin, you can now [create access flows](https://docs.apono.io/docs/access-flows/access-flows) for the resource.

### References

### Troubleshooting

Refer to [Troubleshooting Errors ](https://docs.apono.io/docs/help-and-debugging/troubleshooting-errors)for information about errors that may occur.