It is time to add another installment of the OneLogin integrations with the Unified Identity Security Platform solutions. Today’s installment is a look at how to configure Single Sign-On from OneLogin to One Identity Manager. One of OneLogin’s core features is providing users with the ability to log in to thousands of applications using a single set of credentials, ideally requiring MFA to ensure a more secure login flow. Identity Manager is One Identity’s leading Identity and Governance Administration solution that enables organizations to govern and secure their data and users. Configuring logging in to Identity Manager’s web portal from OneLogin could not be simpler or more secure and will ensure a secure login process. (We really like to stick to that Simple and Secure Login flow.)
Figure 1: SSO from OneLogin to One Identity Manager
Once this integration is configured, then the login flow will work in one of two ways:
Identity Provider (IdP) Initiated
- A user logs into OneLogin and clicks on a One Identity Manager app tile in the OneLogin User Portal.
- OneLogin forwards information about the user to Identity Manager.
- Because Identity Manager is configured to trust authentication requests from OneLogin AND the user matches to an existing user in Identity Manager, the user is granted access.
- A new tab pops up and the user is logged into the Identity Manager Web Portal.
Service Provider (SP) Initiated
- A user goes to their Identity Manager Web Portal.
- Identity Manager sends an authentication request to OneLogin.
- If the user is not already logged in to OneLogin they will be prompted to do so.
- OneLogin sends an acknowledgement back to One Identity Manager that the user has logged in successfully along with identifying information of the user.
How to Configure the Login to One Identity Manager
All you need to get started is a OneLogin account and an installation of Identity Manager, then there are three major steps:
- Add the One Identity Manager app connector to your OneLogin account
- Add OneLogin as an Identity Provider (IdP) in Identity Manager
- Assign the new app to your users in OneLogin
Add the One Identity Manager app connector to your OneLogin account
The process to add Identity Manager takes just a few seconds.
- From the OneLogin Administration UI go to Applications > Applications.
- Click on Add App.
- Type “One Identity” in the Search box.
- Select the One Identity Manager app connector.
- Change the name if you wish and click Save.
- Click on the Configuration tab.
- Fill in the Login Url field and the Redirect URLs field with the URI of the Identity Manager web portal for your environment. The only trick is you need to add an additional URI to the Redirect URLs that has /page.axd at the end.
- Click Save.
Now, all you need to do is keep the SSO tab open because you are going to need to copy a few values from this tab into the Identity Manager configuration pages.
Add OneLogin as an Identity Provider (IdP) in Identity Manager
On the Identity Manager side, you will need to make sure that it is enabled for OAuth 2.0/OpenID Connect (role-based) Authentication Module is enabled.
Figure 2: Identity Manager Designer
Assign the new app to your users in OneLogin
If the user’s email address in OneLogin matches the email address they have specified in One Identity Manager and the One Identity Manager App connector in OneLogin has been assigned to the user, either directly or through a OneLogin role, the users will be able to easily log in to the One Identity Web Portal.
Figure 3: OneLogin User Record Application Tab
You can find more detailed instructions here.
This is a simple and valuable Single Sign-On integration. We have several exciting integrations that are just on the horizon. Stay tuned for more as we continue to deliver you a Unified Identity Security Platform.