OneLogin
OneLogin provides single sign-on (SSO) and identity management for cloud-based applications.
The following sections provide prerequisites, resources, and instructions for integrating with SaaS Management.
| • | Stored OneLogin Information |
| • | Required Minimum Permissions for OneLogin |
| • | OneLogin Authentication Method |
| • | Required Credentials for OneLogin |
| • | Integrating OneLogin With SaaS Management |
| • | OneLogin API Endpoints |
The following table describes the available integration tasks and stored data.
|
Available Integration Tasks |
Information Stored |
||||||||||||||||||||||||
|
HR Roster |
|
||||||||||||||||||||||||
|
Application Roster |
|
||||||||||||||||||||||||
|
Application Access |
|
||||||||||||||||||||||||
|
Application Discovery |
|
||||||||||||||||||||||||
|
SSO Application Roster |
|
||||||||||||||||||||||||
|
SSO Application Access |
|
Note:The information stored is subject to change as enhancements are made to the SaaS application.
Required Minimum Permissions for OneLogin
Minimum API required permissions are based on the Required Scope for OneLogin and the Required User Role for OneLogin .
|
Scope |
Description |
Integration Task Name |
||||||||||||||||||
|
Read All |
This scope provides the necessary permission to perform GET calls to OneLogin APIs. |
|
Required User Role for OneLogin
Note:The following SaaS application user role is not applicable to Flexera One roles.
|
User Role |
Description |
|
Account Owner or Administrator |
This permission is required to generate the Client Credentials required. |
OneLogin Authentication Method
OAuth2 Client Credentials. For details, see the OneLogin instructions in Client Credentials Grant.
Required Credentials for OneLogin
| • | Client ID |
| • | Client Secret |
| • | Hosted Region (either “us” or “eu”) |
Integrating OneLogin With SaaS Management
Complete the following steps to integrate OneLogin with SaaS Management.
To integrate OneLogin with SaaS Management:
| 1. | Sign in to the OneLogin console with your Administrator or Account Owner credentials. |
| 2. | From the Developers menu in the upper-right corner, select API Credentials. The API Access page opens. |
| 3. | On the API Access page, go to the upper-right corner and click the New Credential button. The Create new API credential dialog opens. |
| 4. | In the Create new API credential dialog: |
| a. | Enter a Name for the new API credential. |
| b. | Select the radio button for Read all permission. |
| c. | Click Save. |
| d. | Copy and paste the generated Client ID and Client Secret values into a file. In the next step, you will enter these values in SaaS Management. |
| 5. | In SaaS Management: |
| a. | Add the OneLogin application. For details, see Adding an Application. |
| b. | In the Add Application page, select the appropriate integration tasks. |
| c. | Copy and paste the OneLogin generated Client ID from step 4 into the Client ID field. |
| d. | Copy and paste the OneLogin generated Client Secret from step 4 into the Secret ID field. |
| e. | Enter the Hosted Region for the account (either us or eu). |
| f. | Click Authorize. |
Tip:After the Application Discovery integration task has been enabled after 24 hours, you can add the discovered SSO enabled applications to your list of Managed SaaS Applications. For details, see Adding Discovered SSO Enabled Applications to Your List of Managed SaaS Applications.
Application Roster
https://api.<<Hosted-Region>>.onelogin.com/api/2/users
Application Access and SSO Application Access
https://api.<<Hosted-Region>>.onelogin.com/api/2/events
SSO Application Discovery
https://api.<<Hosted-Region>>.onelogin.com/api/2/apps
SSO Application Roster
https://api.<<Hosted-Region>>.onelogin.com/api/2/apps/<<App-ID>>/users