Overview

OneLogin is a cloud-based identity and access management (IAM) provider that specializes in single sign-on (SSO) and multi-factor authentication (MFA) solutions. These services are scalable, secure, and easily integrated into various business environments. OneLogin helps organizations manage and secure real-time user access to applications and data across different devices and environments.

Apono's integration with OneLogin provides a seamless way to synchronize your OneLogin users and groups with Apono. This allows you to easily define policies for existing users and groups within Apono.

Who Should Read This

DevOps creating Access Flows
Professionals in the organization who manage the OneLogin identity provider

Prerequisites

Apono account with Admin privileges
OneLogin account with Super User privileges. Learn more about OneLogin privileges in this OneLogin knowledge base article

Integrate with OneLogin

Follow these steps to integrate Apono with OneLogin:

1. Create API credentials from the OneLogin Admin UI

Log into your OneLogin organization using an admin account.
Click the Administration button in the top-right corner of the Admin Dashboard.
In the menu, navigate to Developers and then click on API Credentials.
Click the New Credential button and create credentials with the Read users scope.

Record the Client ID and Client Secret. You can always access these credentials by returning to the API Credentials page.

2. Find Your Organization's Base Domain

Once you have logged in to OneLogin, you can find your organization's domain in the URL bar of your browser. Remove "https://" prefix and any "/. suffix so that you are left with a domain that looks like this example.onelogin.com. Record the base domain for the next step.

3. Integrate with OneLogin

Log into Apono.
Find the OneLogin entry in the Apono Catalog and click Connect button to display the integration form (you can use this link to go directly to the OneLogin integration form).
Fill in the integration details:

Parameter	Value
Integration name	Your name for the integration. It will be used when managing Access Flows
Domain	Your organization's OneLogin base domain from the previous step
Client ID	The Client ID from OneLogin's API credentials created above
Client Secret	The Client Secret from OneLogin's API credentials created above
Group Mapping Strategy	Select how users from OneLogin should be mapped to Apono. The choices are: - Groups: Use the default OneLogin groups for mapping - Roles: Use OneLogin Roles to map users to groups
Custom Manager Attribute Name	If necessary, specify the name of the OneLogin attribute that contains users' manager names. For more information, see below

Submit the form when it has been completed, and the new OneLogin integration should appear immediately. Find the OneLogin item in the Apono catalog and navigate to the Connected tab to confirm that the Apono integration was successful.

More about the Manager Attribute

The Manager Attribute is used by Apono to find each user's manager within the OneLogin system. By specifying a manager attribute name, Apono can accurately locate the manager associated with each user. If the attribute name is not specified, Apono will default to using OneLogin's predefined attribute, which is Manager.

If you prefer not to use OneLogin's default method, you have the option to utilize Custom Attributes in OneLogin to specify the user manager.

Note that the manager attribute must contain either the manager's email address or their ID (OneLogin user ID).

For additional information on how to configure custom attributes in OneLogin, please refer to Custom User Fields in the OneLogin Knowledge Base.

Results

Return to the Integrations page Connected tab where you will see that OneLogin is now active. Click it to view the details of the integration.

Next Steps

With a successful connection to OneLogin, you can now create Access Flows for the resource.

References

Troubleshooting

Refer to Troubleshooting Errors for information about errors that may occur.