A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template you must declare the synchronization base object in One Identity Manager yourself.
Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.
The project template uses mappings for the following schema types.
Table 31: Mapping OneLogin schema types to tables in the One Identity Manager schema

| Schema type in OneLogin | Table in the One Identity Manager schema |
|---|---|
| APIAuthorization | OLGAPIAuthorization |
| Application | OLGApplication |
| AuthFactor | OLGAuthFactor |
| Client | OLGClient, OLGClientHasOLGScope |
| CustomAttribute | OLGCustomAttribute |
| Event | OLGEvent |
| Group | OLGGroup |
| Policy | OLGPolicy |
| Privilege | OLGPrivilege |
| Role | OLGRole |
| RoleAdmin | OLGUserInOLGRoleAdmin |
| RoleApplication | OLGRoleApplication |
| Scope | OLGScope |
| User | OLGUser |
| UserApplication | OLGUserHasOLGApplication |
| UserAuthFactor | OLGUserHasOLGAuthFactor |
| UserCustomAttribute | OLGUserHasOLGCustomAttribute |
| UserPrivilege | OLGUserHasOLGPrivilege |

The following table describes permitted editing methods of OneLogin schema types and names restrictions required by system object processing.
Table 32: Methods available for editing schema types

| Schema type | | | | |
|---|---|---|---|---|
| Service provider (APIAuthorization) | Yes | No | No | No |
| Applications (Application) | Yes | No | No | No |
| Authentication methods (AuthFactor) | Yes | No | No | No |
| Clients (Client) | Yes | No | No | No |
| Custom user fields (CustomAttribute) | Yes | No | No | No |
| Change history (Event) | Yes | No | No | No |
| Groups (Group) | Yes | No | No | No |
| Policies (Policy) | Yes | No | No | No |
| Privileges (Privilege) | Yes | No | No | No |
| Roles (Role) | Yes | No | No | No |
| Administrators for roles (RoleAdmin) | Yes | Yes | Yes | Yes |
| Role assignments to applications (RoleApplication) | Yes | Yes | Yes | Yes |
| Scopes (Scope) | Yes | No | No | No |
| User accounts (User) | Yes | Yes | Yes | Yes |
| Application assignments to user accounts (UserApplication) | Yes | No | No | No |
| Authentication method assignments to user accounts (UserAuthFactor) | Yes | Yes | Yes | Yes |
| Custom field assignments to user accounts (UserCustomAttribute) | Yes | No | No | Yes |
| Privilege assignments to user accounts (UserPrivilege) | Yes | Yes | Yes | Yes |

The following settings are configured for the system connection with the OneLogin connector.
Table 33: OneLogin connector settings

| Setting | Description |
|---|---|
| Authentication URI | Authentication endpoint or URL that is available for authenticating. Only the part of the URL that is added to the common part is required to reach the authentication endpoints. If another server or another root URL is used for authentication, the full URL must be entered here. Variable: olgauthendpoint |
| Client secret (OAuth) | Security token for login. Variable: olgauthoauthclientsecret |
| Domain | Full OneLogin domain name, for example, <your domain>.onelogin.com. Variable: olgrootdn |
| Grant type (OAuth) | Access type for login. Variable: olgauthoauthgranttype |
| HTTP KeepAlive | Specifies whether HTTP connections are kept open. If the option is not set, connections are closed immediately and cannot be used for further queries. Default: True. Variable: olgkeepalive |
| Max. parallel queries | Number of target system data queries that can be carried out simultaneously. Enter a value between 1 and 32. Default: 0. Variable: olgparallelprocesses |
| Password (OAuth) | Login password if the client secret is not known. Variable: olgauthoauthpassword |
| Read events created since | Used for revision filtering. Variable: olgeventsincefilter |
| Scope (OAuth) | Scope parameter valid for target system login. If several parameters apply, separate them with spaces. Variable: olgauthoauthscope |
| Service URI | URI of the API without version. Default: api. Variable: olgroot |
| Use client side cache | Specifies whether the OneLogin connector's local cache is used. The local cache speeds up synchronization by minimizing access to the cloud application during full synchronization. The option is ignored during provisioning. It does not make sense to use the cache during synchronization with revision filtering. If the target system supports revision filtering, disable the option after initial synchronization. Default: True. Variable: olgusecache |
| User name (OAuth) | User name if the client secret is not known. Variable: olgauthoauthusername |
| Application/Client ID | Client ID for the application. |
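
A lint for the connector variables in Table 33, as an added example that is not part of the One Identity documentation. It assumes the variable set is available as a Python dict of variable name to string value (a hypothetical export) and treats 0 for olgparallelprocesses as the unset default. It also adds two hygiene checks the table does not state: https for a full authentication URL, and no stored password when a client secret is set.

```python
from urllib.parse import urlparse

# Constructed sample variable sets; every value below is a placeholder.
SAMPLE_OK = {
    "olgrootdn": "example.onelogin.com", "olgauthendpoint": "auth/placeholder",
    "olgauthoauthclientsecret": "placeholder-secret", "olgauthoauthscope": "scopeA scopeB",
    "olgparallelprocesses": "8", "olgusecache": "False",
    "olgeventsincefilter": "2024-01-01",
}
SAMPLE_BAD = {
    "olgrootdn": "https://example.onelogin.com/",
    "olgauthendpoint": "http://login.example.test/token",
    "olgauthoauthusername": "svc-sync", "olgauthoauthscope": "scopeA,scopeB",
    "olgparallelprocesses": "64", "olgusecache": "True",
    "olgeventsincefilter": "2024-01-01",
}

def lint_connector_variables(v):
    """Return a list of findings for a dict of variable name -> value."""
    findings = []
    domain = v.get("olgrootdn", "")
    if "://" in domain or "/" in domain or "." not in domain:
        findings.append("olgrootdn: expected a full domain name without scheme or path")
    endpoint = v.get("olgauthendpoint", "")
    # Added check: a full URL carries the OAuth credentials, so require https.
    if "://" in endpoint and urlparse(endpoint).scheme != "https":
        findings.append("olgauthendpoint: full URL does not use https")
    secret = v.get("olgauthoauthclientsecret", "")
    user, pwd = v.get("olgauthoauthusername", ""), v.get("olgauthoauthpassword", "")
    # User name and password are only the fallback when no client secret is known.
    if not secret and not (user and pwd):
        findings.append("credentials: set the client secret, or both user name and password")
    if secret and pwd:  # added check: avoid keeping a second, unused secret
        findings.append("olgauthoauthpassword: stored although a client secret is set")
    if any(sep in v.get("olgauthoauthscope", "") for sep in ",;"):
        findings.append("olgauthoauthscope: separate several scopes with spaces")
    try:
        parallel = int(v.get("olgparallelprocesses", 0))
    except (TypeError, ValueError):
        parallel = -1
    if parallel != 0 and not 1 <= parallel <= 32:  # assumption: 0 means unset default
        findings.append("olgparallelprocesses: enter a value between 1 and 32")
    cache_on = str(v.get("olgusecache", "True")).strip().lower() == "true"
    if cache_on and v.get("olgeventsincefilter"):
        findings.append("olgusecache: disable when revision filtering is in use")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_connector_variables(SAMPLE_BAD)))
```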