Skip to main content

OneLogin

OneLogin provides single sign-on (SSO) and identity management for cloud-based applications.

The following sections explain prerequisites, resources, and instructions for integrating with SaaS Management.

Stored OneLogin Information

The following table describes the available integration tasks and stored data within SaaS Management.

Available Integration TasksInformation Stored
HR RosterEmail
First Name
Last Name
Active Date
Department
Application RosterUser ID
Email
First Name
Last Name
Active Date
Application AccessUser ID
Occurred (Last Login)
Application DiscoveryApp ID
SSO Name
App Description
SSO Application RosterID (Application ID)
Name
Icon
UserID
Email
First Name
Last Name
Active Date
SSO Application AccessUser ID
Occurred (SSO sign in to the App)
App ID
SSO Name
note

The information stored is subject to change as enhancements are made to the SaaS application.

Required Minimum Permissions for OneLogin

The minimum API required permissions are based on the Required Scope for OneLogin and the Required User Role for OneLogin.

Required Scope for OneLogin

ScopeDescriptionIntegration Task Name
Read AllEnables you to perform GET calls to OneLogin APIs.Application Access
Application Discovery
Application Roster
HR Roster
SSO Application Access
SSO Application Roster

Required User Role for OneLogin

note

The following SaaS application user role is not applicable to Flexera One roles.

User RoleDescription
Account Owner or AdministratorThis permission is required to generate the Client Credentials required.

OneLogin Authentication Method

The required authentication method is OAuth 2.0 With Client Credentials. For more information, see OneLogin’s documentation topic, Client Credentials Grant.

Required Credentials for OneLogin

The following credentials are required:

  • Client ID

  • Client Secret

  • Hosted Region (either us or eu).

Integrating OneLogin With SaaS Management

Complete the following steps to integrate OneLogin with SaaS Management.

  1. Sign in to the OneLogin console with your Administrator or Account Owner credentials.

  2. From the Developers menu in the upper-right corner, select API Credentials. The API Access page opens.

  3. On the API Access page, go to the upper-right corner and click the New Credential button. The Create new API credential dialog opens.

  4. In the Create new API credential dialog:

    1. Enter a Name for the new API credential.
    2. Select the radio button for Read all permission.
    3. Click Save.
    4. Copy and paste the generated Client ID and Client Secret values into a file. In the next step, you will enter these values in SaaS Management.

  5. In SaaS Management:

    1. Add the OneLogin application. For more information, see Adding an Application.
    2. In the Add Application page, select the appropriate integration tasks.
    3. Copy and paste the OneLogin generated Client ID from step 4 into the Client ID field.
    4. Copy and paste the OneLogin generated Client Secret from step 4 into the Secret ID field.
    5. Enter the Hosted Region for the account (either us or eu).
    6. Click Authorize.
    tip

    After the Application Discovery integration task has been enabled after 24 hours, you can add the discovered SSO enabled applications to your list of Managed SaaS Applications. For more information, see Adding Discovered SSO Enabled Applications to Your List of Managed SaaS Applications.

OneLogin API Endpoints

Application Roster

https://api.<<Hosted-Region>>.onelogin.com/api/2/users

Application Access and SSO Application Access

https://api.<<Hosted-Region>>.onelogin.com/api/2/events

SSO Application Discovery

https://api.<<Hosted-Region>>.onelogin.com/api/2/apps

SSO Application Roster

https://api.<<Hosted-Region>>.onelogin.com/api/2/apps/<<App-ID>>/users