OneLogin

How to integrate OneLogin with Apono to manage access for users and groups

Overview

OneLogin is a cloud-based identity and access management (IAM) provider that specializes in single sign-on (SSO) and multi-factor authentication (MFA) solutions. These services are scalable, secure, and easily integrated into various business environments. OneLogin helps organizations manage and secure real-time user access to applications and data across different devices and environments.

Apono's integration with OneLogin provides a seamless way to synchronize your OneLogin users and groups with Apono. This allows you to easily define policies for existing users and groups within Apono.

Who Should Read This

  • DevOps creating Access Flows

  • Professionals in the organization who manage the OneLogin identity provider

Prerequisites

  • Apono account with Admin privileges

  • OneLogin account with Super User privileges. Learn more about OneLogin privileges in this OneLogin knowledge base article

Integrate with OneLogin

Follow these steps to integrate Apono with OneLogin:

1. Create API credentials from the OneLogin Admin UI

  1. Log into your OneLogin organization using an admin account.

  2. Click the Administration button in the top-right corner of the Admin Dashboard.

  3. In the menu, navigate to Developers and then click on API Credentials.

  4. Click the New Credential button and create credentials with the Read users scope.

Record the Client ID and Client Secret. You can always access these credentials by returning to the API Credentials page.

2. Find Your Organization's Base Domain

Once you have logged in to OneLogin, you can find your organization's domain in the URL bar of your browser. Remove the "https://" prefix and any "/" suffix so that you are left with a domain that looks like this: example.onelogin.com. Record the base domain for the next step.
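
Added example, not part of Apono's or OneLogin's documentation: a small Python check for this step that reduces a URL copied from the browser to the bare base domain and rejects values that should not be entered in the Domain field. It assumes tenant hosts have the form `<tenant>.onelogin.com`, as in the example above; the function name `onelogin_base_domain` is hypothetical.

```python
import re
from urllib.parse import urlsplit

# Assumption: a tenant host is exactly one label followed by ".onelogin.com",
# matching the page's example (example.onelogin.com).
TENANT_HOST = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.onelogin\.com")


def onelogin_base_domain(pasted: str) -> str:
    """Return the base domain from a value copied out of the browser URL bar.

    Raises ValueError instead of guessing when the value looks wrong, so a
    lookalike or mistyped host never ends up next to the Client Secret.
    """
    text = pasted.strip()
    if not text:
        raise ValueError("empty value")
    # urlsplit only fills in the host when a scheme or leading // is present.
    if "://" not in text:
        text = "//" + text
    parts = urlsplit(text)
    if parts.scheme not in ("", "https"):
        raise ValueError(f"unexpected scheme {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("value must not carry embedded credentials")
    # .hostname drops any port and lower-cases the name; a trailing dot is
    # harmless in DNS, so strip it before matching.
    host = (parts.hostname or "").rstrip(".")
    if not TENANT_HOST.fullmatch(host):
        raise ValueError(f"{host!r} is not of the form <tenant>.onelogin.com")
    return host


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real tenant.
    samples = [
        "https://example.onelogin.com/portal/",
        "Example.OneLogin.com/",
        "https://example.onelogin.com.evil.test/",
        "http://example.onelogin.com",
    ]
    for sample in samples:
        try:
            print(f"{sample!r:45} -> {onelogin_base_domain(sample)}")
        except ValueError as err:
            print(f"{sample!r:45} -> rejected: {err}")
```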

3. Integrate with OneLogin

  1. Log into Apono.

  2. Find the OneLogin entry in the Apono Catalog and click the Connect button to display the integration form (you can use this link to go directly to the OneLogin integration form).

  3. Fill in the integration details:

| Parameter | Value |
|---|---|
| Integration name | Your name for the integration. It will be used when managing Access Flows |
| Domain | Your organization's OneLogin base domain from the previous step |
| Client ID | The Client ID from OneLogin's API credentials created above |
| Client Secret | The Client Secret from OneLogin's API credentials created above |
| Group Mapping Strategy | Select how users from OneLogin should be mapped to Apono. The choices are: Groups (use the default OneLogin groups for mapping); Roles (use OneLogin Roles to map users to groups) |
| Custom Manager Attribute Name | If necessary, specify the name of the OneLogin attribute that contains users' manager names. For more information, see below |

Submit the form when it has been completed, and the new OneLogin integration should appear immediately. Find the OneLogin item in the Apono catalog and navigate to the Connected tab to confirm that the Apono integration was successful.

More about the Manager Attribute

The Manager Attribute is used by Apono to find each user's manager within the OneLogin system. By specifying a manager attribute name, Apono can accurately locate the manager associated with each user. If the attribute name is not specified, Apono will default to using OneLogin's predefined attribute, which is Manager.

If you prefer not to use OneLogin's default method, you have the option to utilize Custom Attributes in OneLogin to specify the user manager.

Note that the manager attribute must contain either the manager's email address or their ID (OneLogin user ID).

For additional information on how to configure custom attributes in OneLogin, please refer to Custom User Fields in the OneLogin Knowledge Base.

Results

Return to the Integrations page Connected tab where you will see that OneLogin is now active. Click it to view the details of the integration.

Next Steps

With a successful connection to OneLogin, you can now create access flows for the resource.

References

Troubleshooting

Refer to Troubleshooting Errors for information about errors that may occur.

Last updated 8 months ago
