Onelogin
How to integrate Onelogin with Apono to manage access of users and groups
Overview
Apono's integration with OneLogin provides a seamless way to synchronize your OneLogin users and groups with Apono. This allows you to easily define policies for existing users and groups within Apono.
Who Should Read This
- DevOps creating Access Flows
- Professionals in the organization who manage the OneLogin identity provider
Prerequisites
- Apono account with Admin privileges
- OneLogin account with Super User privileges. Learn more about OneLogin privileges in this OneLogin knowledge base article
Integrate with OneLogin
Follow these steps to integrate Apono with OneLogin:
1. Create API credentials from the OneLogin Admin UI
- Log into your OneLogin organization using an admin account.
- Click the Administration button in the top-right corner of the Admin Dashboard.
- In the menu, navigate to Developers and then click on API Credentials.
- Click the New Credential button and create credentials with the Read users scope.
Record the Client ID and Client Secret. You can always access these credentials by returning to the API Credentials page.
2. Find Your Organization's Base Domain
Once you have logged in to OneLogin, you can find your organization's domain in the URL bar of your browser. Remove "https://" prefix and any "/. suffix so that you are left with a domain that looks like this example.onelogin.com. Record the base domain for the next step.
3. Integrate with OneLogin
- Log into Apono.
- Find the OneLogin entry in the Apono Catalog and click Connect button to display the integration form (you can use this link to go directly to the OneLogin integration form).
- Fill in the integration details:
| Parameter | Value |
|---|---|
| Integration name | Your name for the integration. It will be used when managing Access Flows |
| Domain | Your organization's OneLogin base domain from the previous step |
| Client ID | The Client ID from OneLogin's API credentials created above |
| Client Secret | The Client Secret from OneLogin's API credentials created above |
| Group Mapping Strategy | Select how users from OneLogin should be mapped to Apono. The choices are: - Groups: Use the default OneLogin groups for mapping - Roles: Use OneLogin Roles to map users to groups |
| Custom Manager Attribute Name | If necessary, specify the name of the OneLogin attribute that contains users' manager names. For more information, see below |
Submit the form when it has been completed, and the new OneLogin integration should appear immediately. Find the OneLogin item in the Apono catalog and navigate to the Connected tab to confirm that the Apono integration was successful.
More about the Manager Attribute
The Manager Attribute is used by Apono to find each user's manager within the OneLogin system. By specifying a manager attribute name, Apono can accurately locate the manager associated with each user. If the attribute name is not specified, Apono will default to using OneLogin's predefined attribute, which is Manager.
If you prefer not to use OneLogin's default method, you have the option to utilize Custom Attributes in OneLogin to specify the user manager.
Note that the manager attribute must contain either the manager's email address or their ID (OneLogin user ID).
For additional information on how to configure custom attributes in OneLogin, please refer to Custom User Fields in the OneLogin Knowledge Base.
Results
Return to the Integrations page Connected tab where you will see that OneLogin is now active. Click it to view the details of the integration.
Next Steps
With a successful connection to OneLogin, you can now create Access Flows for the resource.
References
Troubleshooting
Refer to Troubleshooting Errors for information about errors that may occur.
Updated about 1 month ago