Part 1 - OneLogin
1. Log in to your OneLogin subscription at https://<domain>.onelogin.com;
2. Go to Developers | API Credentials;
3. Click the New Credential button at the top right;
4. In the Create new API credential window, name the credential as desired and make sure the Manage All permission is selected;
5. Once it is saved, the Client Id and Client Secret hash will be generated.
Part 2 - Password Manager
1. Log in to your Password Manager Admin Portal | General Settings | Secure Token Server and authenticate with the credentials;
2. On the home page, click Authentication Providers;
3. Click on the Authentication Provider Default Active Directory or add a new one if desired;
4. Click on Two Factor Authentication settings;
5. Select OneLogin MFA as a 2FA provider;
6. Enter the Client Id and Client Secret generated in step 4 Part 1, along with the DNS hostname and the User ID Attribute configured in Active Directory, which contains the same OneLoginID value;
The screenshot below shows a sample of how it must be configured.
The sample below shows how the user is configured in OneLogin and Active Directory.
User synchronized with OneLogin tenant
User in Active Directory
7. Go back to Home on the PMAdmin portal and click on the Workflow where the MFA activity must be configured;
8. Drag and drop the activity Authenticate with external provider to the point where the MFA must be requested. In the sample below, the user will be prompted for the OTP after authenticating to the self-service site, once the Workflow Manage My Profile is accessed;
9. Click Settings on the activity, select the External Provider configured in step 3, and click Ok;
10. Click Save and launch the self-service site to test it.
Note: The Rsts feature can only be used on the new PM Self-Service site to authenticate users in a workflow. The legacy self-service website (/PMUser) is no longer supported.
For additional details, please refer to our online documentation at this link.