OneLogin is an identity and access management (IAM) platform that offers single sign-on (SSO), multi-factor authentication (MFA), user   provisioning, and directory integration. It helps organizations securely manage user access to applications and data. More information can be found  at Onelogin website.

Integration Method: API

Tables: Account Change (3001), Application lifecycle (6002), Authentication (3002), User Access Management (3005), User Inventory Info (5003).

List of events supported by this integration.

This integration supports the following versions

This integration has been tested with OneLogin APIs, using version v1.0 for Events and version v2.0 for Apps, Users, User Apps, and User MFA Devices.

Prerequisites

• User should have access to the OneLogin Administration Portal using the user account credentials having Super User privileges.

• User should have access to the DataBee console.

Configuration Overview

1. Generate API credentials on the OneLogin console with the required scopes

2. Create Onelogin Data Feed in the DataBee console with the required Client credentials.

OneLogin Configuration

1. Log on to OneLogin Administration Portal using the user account credentials with Super User privileges.

2. Get the Onelogin instance from the URL as highlighted below.

3. Navigate to Developers > API Credentials. The API Access page window will appear.

4. On API Access page, click on the New Credentials button. The Create new API credential form will pop up.

5. On Create new API credential form:

   1. Enter an appropriate name for the API credentials.

   2. Select Read all option. Click on the Save button.

7. Once it is successfully saved, you will see the Client ID and Client Secret credentials in the popup.

   1. Copy these credentials for later use.

   2. Click on the Done button to complete credentials creation process

DataBee Configuration

1. Login to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

2. Search for the OneLogin and select it.

1. Click on the API Ingest.

3. Enter basic contact information in the contact form and click on the Next button.

4. In the configuration dialog, enter the following:

   • API Base URL: Replace the <instance> placeholder with your Onelogin instance

   • Client Key: Paste the Client ID generated previously

   • Client Secret: Paste the Client Secret generated previously

   • Token URL: Replace the <instance> placeholder with your Onelogin instance

   • Select the event types. It is prepopulated with all supported event types.

5. Click Submit

Troubleshooting Tips

• Verify Client Credentials and Instance

Ensure the client key, client secret, and instance URL are correctly pasted. Since the client key and secret are only visible at the time of creation, recreate them if needed. Copy the newly generated credentials to a text editor to check for extra spaces or unexpected characters.

Once verified, reconfigure the DataBee feed with the correct credentials.

• Verify OneLogin Scope

Check that the OneLogin API credentials have the necessary scope. If needed, update the API credentials' scope in the OneLogin Console, save the changes, and retry the integration.