OneLogin

OneLogin provides single sign-on (SSO) and identity management for cloud-based applications.

•

Information Stored

•

Minimum Permissions Required

•

Authentication Method

•

Credentials Required

•

Integrating OneLogin with SaaS Management

•

API Endpoints

Information Stored

The following table describes the available integration tasks and stored data.

Available Integration Tasks

Integration Task	Information Stored
HR Roster	• Email • First Name • Last Name • Active Date • Department
Application Roster	• User ID • Email • First Name • Last Name • Active Date
Application Access	• User ID • Occurred (Last Login)
Application Discovery	• App ID • SSO Name • App Description
SSO Application Roster	• ID (Application ID) • Name • Icon • UserID • Email • First Name • Last Name • Active Date
SSO Application Access	• User ID • Occurred (SSO sign in to the App) • App ID • SSO Name

Note:The information stored is subject to change as enhancements are made to the product.

Minimum Permissions Required

Minimum API required permissions are based on the Scope and User Role .

Scope

Scope

Scope	Description	Integration Task Name
Read All	This scope provides the necessary permission to perform GET calls to OneLogin APIs.	• HR Roster • Application Roster • Application Access • Application Discovery • SSO Application Roster • SSO Application Access

User Role

User Role

User Role	Description
Account Owner or Administrator	This permission is required to generate the Client Credentials required.

Authentication Method

OAuth2 Client Credentials. For details, refer to the OneLogin instructions in Client Credentials Grant.

Credentials Required

•

Client ID

•

Client Secret

•

Hosted Region (either “us” or “eu”)

Integrating OneLogin with SaaS Management

To integrate OneLogin with SaaS Management, perform the following steps.

To integrate OneLogin with SaaS Management:

1.

Sign in to the OneLogin console with your Administrator or Account Owner credentials.

2.

On the Developers menu, click API Credentials. The API Access screen opens.

3.

Click New Credential. The Create new API credential window opens.

4.

In the Create new API credential window:

a.

Enter a name for the new API credential in the Name field.

b.

Select the radio button Read all permission.

c.

Click Save.

d.

Copy the generated Client ID and Client Secret.

5.

In SaaS Management:

a.

Add the OneLogin application. Refer to Adding an Application.

b.

In the Add Application screen, select the appropriate integration tasks.

c.

Paste the OneLogin generated Client ID in the Client ID field.

d.

Paste the OneLogin generated Client Secret in the Secret ID field.

e.

Enter the Hosted Region for the account (either us or eu).

f.

Click Authorize.

Tip:Once the Application Discovery integration task has been enabled after 24 hours, you can add the discovered SSO enabled applications to your list of Managed SaaS Applications. For details, refer to Adding Discovered SSO Enabled Applications to Your List of Managed SaaS Applications.

API Endpoints

Application Roster

https://api.<<Hosted-Region>>.onelogin.com/api/2/users

Application Access and SSO Application Access

https://api.<<Hosted-Region>>.onelogin.com/api/2/events

SSO Application Discovery

https://api.<<Hosted-Region>>.onelogin.com/api/2/apps

SSO Application Roster

https://api.<<Hosted-Region>>.onelogin.com/api/2/apps/<<App-ID>>/users