Supported objects and operations
The OneLogin connector allows you to connect OneLogin with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by OneLogin.
OneLogin is a Unified Access Management (UAM) platform that provides several products and solutions, such as single sign-on, user provisioning and management and multi-factor authentication to manage identities.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Users
Table 264: Supported operations for Users
Create User |
POST |
Update User |
PUT |
Delete User |
DELETE |
Get User by id |
GET |
Get All Users |
GET |
Get All Users with pagination |
GET |
Groups
Table 265: Supported operations for Groups
Get Group by id |
GET |
Get All Groups |
GET |
Get All Groups with pagination |
GET |
Roles
Table 266: Supported operations for Roles
Get Role by id |
GET |
Get All Roles |
GET |
Get All Roles with pagination |
GET |
Update Role |
PUT |
Application
Table 267: Supported operations for Application
Get an App |
GET |
List Apps |
GET |
List Apps with pagination |
GET |
Mandatory fields
This section lists the mandatory fields required to create a User or a Group:
Users - Create (in v.1.0)
-
userName
-
name.givenName
-
name.familyName
- emails.value
Users - Create (in v.2.0)
Users - Update
userName or emails.value
Roles - Update
roleName
Set Role Apps - update
application id
Mappings
The user and group mappings are listed in the tables below.
Table 268: User mapping
Id |
Id |
UserName |
username |
ExternalId |
external_id |
Name.GivenName |
firstname |
Name.FamilyName |
lastname |
Name.Formatted |
firstname +" " + lastname |
DisplayName |
firstname +" " + lastname |
Emails[0].Value |
email |
PhoneNumbers[0].Value |
phone |
Title |
title |
Roles[].Value |
role_id[] |
Groups[0].value |
group_id |
Locale |
locale_code(in v1),preferred_locale_code(in v2) |
Password (only in v2.0) |
password |
Extension.Manager.Value |
manager_user_id |
Extension.Organization |
company |
Extension.Department |
department |
Extension.OpenIdName |
openid_name |
Extension.DistinguishedName |
distinguished_name |
Extension.SamAccountName |
samaccountname |
Extension.UserPrincipalName |
userprincipalname |
Extension.MemberOf |
member_of |
Extension.DirectoryId |
directory_id |
Extension.UserStatus |
status |
Extension.LastLogin |
last_login |
Meta.Created |
created_at |
Meta.LastModified |
updated_at |
Groups
Table 269: Group mapping
Id |
id |
DisplayName |
name |
Roles
Table 270: Role mapping
Id |
id |
Name |
name |
Applications[].value |
apps[].id |
Applications[].name |
apps[].name |
users[].value |
users[].id |
users[].name |
users[].name |
Application
Table 271: Role mapping
Id |
id |
Name |
name |
Description |
description |
Auth_Method |
auth_method |
Visible |
visible |
Meta.Created |
created_at |
Meta.LastModified |
updated_at |
NOTE: OneLogin API for Users accepts two letter values for locale, for example: "en", "es" and so on.
Connector limitations
- Target cloud application supports below given integer value for Status field. OneIdentity has created 'userStatus' integer type attribute in User extension schema and mapped with 'status' and it needs to be taken care in OneIM mapping:
-
(in v.1.0):
-
Can set through Api → Unactivated: 0, Active: 1, Suspended: 2, Locked: 3, Password expired: 4
-
Cannot set through Api → Awaiting password reset: 5, Pending password: 7, Security questions required: 8
-
(in v.2.0):
-
Can set through Api → Unactivated: 0, Active: 1, Suspended: 2, Locked: 3, Password expired: 4, Awaiting password reset: 5, Pending password: 7
-
Cannot set through Api → Security questions required: 8
-
Adding or removing a Group can be achieved by using the User update operation. Only one group can be assigned to a User.
- For the User object, when NULL value is updated to openid_name, the cloud application considers the first part of the email Id as openid_name. For example, for the email id, email123@test.com , openIdname value will be email123.
-
API does not support the assignment of applications under users what it support is assigning application under roles and assigning roles under user.
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in OneLogin v.2.0
Following are the features that are available exclusively in OneLogin v.2.0:
User centric membership configuration for OneLogin
For more information, see only the following sections in User centric membership:
Mandatory fields
The OneLogin connector allows you to connect OneLogin with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by OneLogin.
OneLogin is a Unified Access Management (UAM) platform that provides several products and solutions, such as single sign-on, user provisioning and management and multi-factor authentication to manage identities.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 264: Supported operations for Users
Create User |
POST |
Update User |
PUT |
Delete User |
DELETE |
Get User by id |
GET |
Get All Users |
GET |
Get All Users with pagination |
GET |
Groups
Table 265: Supported operations for Groups
Get Group by id |
GET |
Get All Groups |
GET |
Get All Groups with pagination |
GET |
Roles
Table 266: Supported operations for Roles
Get Role by id |
GET |
Get All Roles |
GET |
Get All Roles with pagination |
GET |
Update Role |
PUT |
Application
Table 267: Supported operations for Application
Get an App |
GET |
List Apps |
GET |
List Apps with pagination |
GET |
This section lists the mandatory fields required to create a User or a Group:
Users - Create (in v.1.0)
-
userName
-
name.givenName
-
name.familyName
- emails.value
Users - Create (in v.2.0)
Users - Update
userName or emails.value
Roles - Update
roleName
Set Role Apps - update
application id
Mappings
The user and group mappings are listed in the tables below.
Table 268: User mapping
Id |
Id |
UserName |
username |
ExternalId |
external_id |
Name.GivenName |
firstname |
Name.FamilyName |
lastname |
Name.Formatted |
firstname +" " + lastname |
DisplayName |
firstname +" " + lastname |
Emails[0].Value |
email |
PhoneNumbers[0].Value |
phone |
Title |
title |
Roles[].Value |
role_id[] |
Groups[0].value |
group_id |
Locale |
locale_code(in v1),preferred_locale_code(in v2) |
Password (only in v2.0) |
password |
Extension.Manager.Value |
manager_user_id |
Extension.Organization |
company |
Extension.Department |
department |
Extension.OpenIdName |
openid_name |
Extension.DistinguishedName |
distinguished_name |
Extension.SamAccountName |
samaccountname |
Extension.UserPrincipalName |
userprincipalname |
Extension.MemberOf |
member_of |
Extension.DirectoryId |
directory_id |
Extension.UserStatus |
status |
Extension.LastLogin |
last_login |
Meta.Created |
created_at |
Meta.LastModified |
updated_at |
Groups
Table 269: Group mapping
Id |
id |
DisplayName |
name |
Roles
Table 270: Role mapping
Id |
id |
Name |
name |
Applications[].value |
apps[].id |
Applications[].name |
apps[].name |
users[].value |
users[].id |
users[].name |
users[].name |
Application
Table 271: Role mapping
Id |
id |
Name |
name |
Description |
description |
Auth_Method |
auth_method |
Visible |
visible |
Meta.Created |
created_at |
Meta.LastModified |
updated_at |
NOTE: OneLogin API for Users accepts two letter values for locale, for example: "en", "es" and so on.
Connector limitations
- Target cloud application supports below given integer value for Status field. OneIdentity has created 'userStatus' integer type attribute in User extension schema and mapped with 'status' and it needs to be taken care in OneIM mapping:
-
(in v.1.0):
-
Can set through Api → Unactivated: 0, Active: 1, Suspended: 2, Locked: 3, Password expired: 4
-
Cannot set through Api → Awaiting password reset: 5, Pending password: 7, Security questions required: 8
-
(in v.2.0):
-
Can set through Api → Unactivated: 0, Active: 1, Suspended: 2, Locked: 3, Password expired: 4, Awaiting password reset: 5, Pending password: 7
-
Cannot set through Api → Security questions required: 8
-
Adding or removing a Group can be achieved by using the User update operation. Only one group can be assigned to a User.
- For the User object, when NULL value is updated to openid_name, the cloud application considers the first part of the email Id as openid_name. For example, for the email id, email123@test.com , openIdname value will be email123.
-
API does not support the assignment of applications under users what it support is assigning application under roles and assigning roles under user.
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in OneLogin v.2.0
Following are the features that are available exclusively in OneLogin v.2.0:
User centric membership configuration for OneLogin
For more information, see only the following sections in User centric membership:
Mappings
The OneLogin connector allows you to connect OneLogin with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by OneLogin.
OneLogin is a Unified Access Management (UAM) platform that provides several products and solutions, such as single sign-on, user provisioning and management and multi-factor authentication to manage identities.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 264: Supported operations for Users
Create User |
POST |
Update User |
PUT |
Delete User |
DELETE |
Get User by id |
GET |
Get All Users |
GET |
Get All Users with pagination |
GET |
Groups
Table 265: Supported operations for Groups
Get Group by id |
GET |
Get All Groups |
GET |
Get All Groups with pagination |
GET |
Roles
Table 266: Supported operations for Roles
Get Role by id |
GET |
Get All Roles |
GET |
Get All Roles with pagination |
GET |
Update Role |
PUT |
Application
Table 267: Supported operations for Application
Get an App |
GET |
List Apps |
GET |
List Apps with pagination |
GET |
Mandatory fields
This section lists the mandatory fields required to create a User or a Group:
Users - Create (in v.1.0)
-
userName
-
name.givenName
-
name.familyName
- emails.value
Users - Create (in v.2.0)
Users - Update
userName or emails.value
Roles - Update
roleName
Set Role Apps - update
application id
The user and group mappings are listed in the tables below.
Table 268: User mapping
Id |
Id |
UserName |
username |
ExternalId |
external_id |
Name.GivenName |
firstname |
Name.FamilyName |
lastname |
Name.Formatted |
firstname +" " + lastname |
DisplayName |
firstname +" " + lastname |
Emails[0].Value |
email |
PhoneNumbers[0].Value |
phone |
Title |
title |
Roles[].Value |
role_id[] |
Groups[0].value |
group_id |
Locale |
locale_code(in v1),preferred_locale_code(in v2) |
Password (only in v2.0) |
password |
Extension.Manager.Value |
manager_user_id |
Extension.Organization |
company |
Extension.Department |
department |
Extension.OpenIdName |
openid_name |
Extension.DistinguishedName |
distinguished_name |
Extension.SamAccountName |
samaccountname |
Extension.UserPrincipalName |
userprincipalname |
Extension.MemberOf |
member_of |
Extension.DirectoryId |
directory_id |
Extension.UserStatus |
status |
Extension.LastLogin |
last_login |
Meta.Created |
created_at |
Meta.LastModified |
updated_at |
Groups
Table 269: Group mapping
Id |
id |
DisplayName |
name |
Roles
Table 270: Role mapping
Id |
id |
Name |
name |
Applications[].value |
apps[].id |
Applications[].name |
apps[].name |
users[].value |
users[].id |
users[].name |
users[].name |
Application
Table 271: Role mapping
Id |
id |
Name |
name |
Description |
description |
Auth_Method |
auth_method |
Visible |
visible |
Meta.Created |
created_at |
Meta.LastModified |
updated_at |
NOTE: OneLogin API for Users accepts two letter values for locale, for example: "en", "es" and so on.
Connector limitations
- Target cloud application supports below given integer value for Status field. OneIdentity has created 'userStatus' integer type attribute in User extension schema and mapped with 'status' and it needs to be taken care in OneIM mapping:
-
(in v.1.0):
-
Can set through Api → Unactivated: 0, Active: 1, Suspended: 2, Locked: 3, Password expired: 4
-
Cannot set through Api → Awaiting password reset: 5, Pending password: 7, Security questions required: 8
-
(in v.2.0):
-
Can set through Api → Unactivated: 0, Active: 1, Suspended: 2, Locked: 3, Password expired: 4, Awaiting password reset: 5, Pending password: 7
-
Cannot set through Api → Security questions required: 8
-
Adding or removing a Group can be achieved by using the User update operation. Only one group can be assigned to a User.
- For the User object, when NULL value is updated to openid_name, the cloud application considers the first part of the email Id as openid_name. For example, for the email id, email123@test.com , openIdname value will be email123.
-
API does not support the assignment of applications under users what it support is assigning application under roles and assigning roles under user.
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in OneLogin v.2.0
Following are the features that are available exclusively in OneLogin v.2.0:
User centric membership configuration for OneLogin
For more information, see only the following sections in User centric membership:
Connector limitations
The OneLogin connector allows you to connect OneLogin with One Identity Starling enabling you to take advantage of the features and products available with Starling Connect that complement and enhance the services provided by OneLogin.
OneLogin is a Unified Access Management (UAM) platform that provides several products and solutions, such as single sign-on, user provisioning and management and multi-factor authentication to manage identities.
Supervisor configuration parameters
To configure the connector, following parameters are required:
Supported objects and operations
Users
Table 264: Supported operations for Users
Create User |
POST |
Update User |
PUT |
Delete User |
DELETE |
Get User by id |
GET |
Get All Users |
GET |
Get All Users with pagination |
GET |
Groups
Table 265: Supported operations for Groups
Get Group by id |
GET |
Get All Groups |
GET |
Get All Groups with pagination |
GET |
Roles
Table 266: Supported operations for Roles
Get Role by id |
GET |
Get All Roles |
GET |
Get All Roles with pagination |
GET |
Update Role |
PUT |
Application
Table 267: Supported operations for Application
Get an App |
GET |
List Apps |
GET |
List Apps with pagination |
GET |
Mandatory fields
This section lists the mandatory fields required to create a User or a Group:
Users - Create (in v.1.0)
-
userName
-
name.givenName
-
name.familyName
- emails.value
Users - Create (in v.2.0)
Users - Update
userName or emails.value
Roles - Update
roleName
Set Role Apps - update
application id
Mappings
The user and group mappings are listed in the tables below.
Table 268: User mapping
Id |
Id |
UserName |
username |
ExternalId |
external_id |
Name.GivenName |
firstname |
Name.FamilyName |
lastname |
Name.Formatted |
firstname +" " + lastname |
DisplayName |
firstname +" " + lastname |
Emails[0].Value |
email |
PhoneNumbers[0].Value |
phone |
Title |
title |
Roles[].Value |
role_id[] |
Groups[0].value |
group_id |
Locale |
locale_code(in v1),preferred_locale_code(in v2) |
Password (only in v2.0) |
password |
Extension.Manager.Value |
manager_user_id |
Extension.Organization |
company |
Extension.Department |
department |
Extension.OpenIdName |
openid_name |
Extension.DistinguishedName |
distinguished_name |
Extension.SamAccountName |
samaccountname |
Extension.UserPrincipalName |
userprincipalname |
Extension.MemberOf |
member_of |
Extension.DirectoryId |
directory_id |
Extension.UserStatus |
status |
Extension.LastLogin |
last_login |
Meta.Created |
created_at |
Meta.LastModified |
updated_at |
Groups
Table 269: Group mapping
Id |
id |
DisplayName |
name |
Roles
Table 270: Role mapping
Id |
id |
Name |
name |
Applications[].value |
apps[].id |
Applications[].name |
apps[].name |
users[].value |
users[].id |
users[].name |
users[].name |
Application
Table 271: Role mapping
Id |
id |
Name |
name |
Description |
description |
Auth_Method |
auth_method |
Visible |
visible |
Meta.Created |
created_at |
Meta.LastModified |
updated_at |
NOTE: OneLogin API for Users accepts two letter values for locale, for example: "en", "es" and so on.
- Target cloud application supports below given integer value for Status field. OneIdentity has created 'userStatus' integer type attribute in User extension schema and mapped with 'status' and it needs to be taken care in OneIM mapping:
-
(in v.1.0):
-
Can set through Api → Unactivated: 0, Active: 1, Suspended: 2, Locked: 3, Password expired: 4
-
Cannot set through Api → Awaiting password reset: 5, Pending password: 7, Security questions required: 8
-
(in v.2.0):
-
Can set through Api → Unactivated: 0, Active: 1, Suspended: 2, Locked: 3, Password expired: 4, Awaiting password reset: 5, Pending password: 7
-
Cannot set through Api → Security questions required: 8
-
Adding or removing a Group can be achieved by using the User update operation. Only one group can be assigned to a User.
- For the User object, when NULL value is updated to openid_name, the cloud application considers the first part of the email Id as openid_name. For example, for the email id, email123@test.com , openIdname value will be email123.
-
API does not support the assignment of applications under users what it support is assigning application under roles and assigning roles under user.
Connector versions and features
The following subsections describe the different connector version(s) and features available with them.
Features available exclusively in OneLogin v.2.0
Following are the features that are available exclusively in OneLogin v.2.0:
User centric membership configuration for OneLogin
For more information, see only the following sections in User centric membership: