OneLogin

OneLogin provides single sign-on (SSO) and identity management for cloud-based applications.

Information Stored
Minimum Permissions Required
Authentication Method
Credentials Required
Integrating OneLogin with SaaS Management
API Endpoints

Information Stored

The following table describes the available integration tasks and stored data.

Available Integration Tasks

Integration Task

Information Stored

HR Roster

Email
First Name
Last Name
Active Date
Department

Application Roster

User ID
Email
First Name
Last Name
Active Date

Application Access

User ID
Occurred (Last Login)

Application Discovery

App ID
SSO Name
App Description

SSO Application Roster

ID (Application ID)
Name
Icon
UserID
Email
First Name
Last Name
Active Date

SSO Application Access

User ID
Occurred (SSO sign in to the App)
App ID
SSO Name

Note:The information stored is subject to change as enhancements are made to the product.

Minimum Permissions Required

Minimum API required permissions are based on the Scope and User Role .

Scope

Scope

Scope

Description

Integration Task Name

Read All

This scope provides the necessary permission to perform GET calls to OneLogin APIs.

HR Roster
Application Roster
Application Access
Application Discovery
SSO Application Roster
SSO Application Access

User Role

User Role

User Role

Description

Account Owner or Administrator

This permission is required to generate the Client Credentials required.

Authentication Method

OAuth2 Client Credentials. For details, refer to the OneLogin instructions in Client Credentials Grant.

Credentials Required

Client ID
Client Secret
Hosted Region (either “us” or “eu”)

Integrating OneLogin with SaaS Management

To integrate OneLogin with SaaS Management, perform the following steps.

To integrate OneLogin with SaaS Management:

1. Sign in to the OneLogin console with your Administrator or Account Owner credentials.
2. On the Developers menu, click API Credentials. The API Access screen opens.

3. Click New Credential. The Create new API credential window opens.

4. In the Create new API credential window:
a. Enter a name for the new API credential in the Name field.
b. Select the radio button Read all permission.
c. Click Save.
d. Copy the generated Client ID and Client Secret.

5. In SaaS Management:
a. Add the OneLogin application. Refer to Adding an Application.
b. In the Add Application screen, select the appropriate integration tasks.
c. Paste the OneLogin generated Client ID in the Client ID field.
d. Paste the OneLogin generated Client Secret in the Secret ID field.
e. Enter the Hosted Region for the account (either us or eu).
f. Click Authorize.

Tip:Once the Application Discovery integration task has been enabled after 24 hours, you can add the discovered SSO enabled applications to your list of Managed SaaS Applications. For details, refer to Adding Discovered SSO Enabled Applications to Your List of Managed SaaS Applications.

API Endpoints

Application Roster

https://api.<<Hosted-Region>>.onelogin.com/api/2/users

Application Access and SSO Application Access

https://api.<<Hosted-Region>>.onelogin.com/api/2/events

SSO Application Discovery

https://api.<<Hosted-Region>>.onelogin.com/api/2/apps

SSO Application Roster

https://api.<<Hosted-Region>>.onelogin.com/api/2/apps/<<App-ID>>/users