
Identity Manager 9.1.2 - Administration Guide for Integration with OneLogin Cloud Directory


Default template for OneLogin domains

A default project template ensures that all required information is added in One Identity Manager. This includes mappings, workflows, and the synchronization base object. If you do not use a default project template, you must declare the synchronization base object in One Identity Manager yourself.

Use a default project template for initially setting up the synchronization project. For custom implementations, you can extend the synchronization project with the Synchronization Editor.

The project template uses mappings for the following schema types.

Table 31: Mapping OneLogin schema types to tables in the One Identity Manager schema

| Schema type in OneLogin | Table in the One Identity Manager schema |
| --- | --- |
| APIAuthorization | OLGAPIAuthorization |
| Application | OLGApplication |
| AuthFactor | OLGAuthFactor |
| Client | OLGClient, OLGClientHasOLGScope |
| CustomAttribute | OLGCustomAttribute |
| Event | OLGEvent |
| Group | OLGGroup |
| Policy | OLGPolicy |
| Privilege | OLGPrivilege |
| Role | OLGRole |
| RoleAdmin | OLGUserInOLGRoleAdmin |
| RoleApplication | OLGRoleApplication |
| Scope | OLGScope |
| User | OLGUser |
| UserApplication | OLGUserHasOLGApplication |
| UserAuthFactor | OLGUserHasOLGAuthFactor |
| UserCustomAttribute | OLGUserHasOLGCustomAttribute |
| UserPrivilege | OLGUserHasOLGPrivilege |

Editing OneLogin system objects

The following table describes the permitted editing methods for OneLogin schema types and names the restrictions required for processing system objects.

Table 32: Methods available for editing schema types

| Type | Read | Add | Delete | Refresh |
| --- | --- | --- | --- | --- |
| Service provider (APIAuthorization) | Yes | No | No | No |
| Applications (Application) | Yes | No | No | No |
| Authentication methods (AuthFactor) | Yes | No | No | No |
| Clients (Client) | Yes | No | No | No |
| Custom user fields (CustomAttribute) | Yes | No | No | No |
| Change history (Event) | Yes | No | No | No |
| Groups (Group) | Yes | No | No | No |
| Policies (Policy) | Yes | No | No | No |
| Privileges (Privilege) | Yes | No | No | No |
| Roles (Role) | Yes | No | No | No |
| Administrators for roles (RoleAdmin) | Yes | Yes | Yes | Yes |
| Role assignments to applications (RoleApplication) | Yes | Yes | Yes | Yes |
| Scopes (Scope) | Yes | No | No | No |
| User accounts (User) | Yes | Yes | Yes | Yes |
| Application assignments to user accounts (UserApplication) | Yes | No | No | No |
| Authentication method assignments to user accounts (UserAuthFactor) | Yes | Yes | Yes | Yes |
| Custom field assignments to user accounts (UserCustomAttribute) | Yes | No | No | Yes |
| Privilege assignments to user accounts (UserPrivilege) | Yes | Yes | Yes | Yes |

OneLogin connector settings

The following settings are configured for the system connection with the OneLogin connector.

Table 33: OneLogin connector settings

| Setting | Description | Default | Variable |
| --- | --- | --- | --- |
| Authentication URI | Authentication endpoint or URL used for authenticating. Only the part of the URL that is appended to the common part is required to reach the authentication endpoints. If another server or another root URL is used for authentication, the full URL must be entered here. | | olgauthendpoint |
| Client secret (OAuth) | Security token for login. | | olgauthoauthclientsecret |
| Domain | Full OneLogin domain name, for example, <your domain>.onelogin.com. | | olgrootdn |
| Grant type (OAuth) | Access type for login. | | olgauthoauthgranttype |
| HTTP KeepAlive | Specifies whether HTTP connections are kept open. If the option is not set, connections are closed immediately and cannot be used for further queries. | True | olgkeepalive |
| Max. parallel queries | Number of target system data queries that can be carried out simultaneously. Enter a value between 1 and 32. | 0 | olgparallelprocesses |
| Password (OAuth) | Login password if the client secret is not known. | | olgauthoauthpassword |
| Read events created since | Used for revision filtering. | | olgeventsincefilter |
| Scope (OAuth) | Scope parameter valid for target system login. If several parameters apply, separate them with spaces. | | olgauthoauthscope |
| Service URI | URI of API without version. | api | olgroot |
| Use client side cache | Specifies whether the OneLogin connector's local cache is used. Local cache is used to speed up synchronization. Access to the cloud application is minimized during full synchronization. The option is ignored during provisioning. It does not make sense to use the cache during synchronization with revision filtering. If the target system supports revision filtering, disable the option after initial synchronization. | True | olgusecache |
| User name (OAuth) | User name if the client secret is not known. | | olgauthoauthusername |
| Application/Client ID | Client ID for the application. | | |
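
A settings lint for the variables in Table 33, as an added example that is not part of the guide or of One Identity Manager. The dict of variable values is assumed to have been copied out of the synchronization project by hand, and the HTTPS and stored-password checks are hygiene rules chosen for this example. Because the table gives both a range of 1 to 32 and a default of 0 for the parallel query count, the lint accepts either.

```python
import re

# Variable names come from Table 33; the dict layout and lint rules are assumptions.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)

def lint_connector_settings(v):
    """Return (variable, finding) tuples for a dict of connector variables."""
    findings = []
    # Domain: the guide asks for the full domain name, not a URL.
    if not HOSTNAME.match(str(v.get("olgrootdn", ""))):
        findings.append(("olgrootdn", "expected a bare domain name, no scheme or path"))
    # Authentication URI: a relative part is fine; a full URL should be HTTPS
    # because it carries the OAuth credentials (check added by this example).
    endpoint = str(v.get("olgauthendpoint", ""))
    if "://" in endpoint and not endpoint.lower().startswith("https://"):
        findings.append(("olgauthendpoint", "full URL does not use HTTPS"))
    # Max. parallel queries: 1 to 32, or the documented default of 0.
    try:
        parallel = int(v.get("olgparallelprocesses", 0))
    except (TypeError, ValueError):
        parallel = -1
    if parallel != 0 and not 1 <= parallel <= 32:
        findings.append(("olgparallelprocesses", "must be 0 (default) or 1 to 32"))
    # Scope: several scopes are separated with spaces.
    if re.search(r"[,;]", str(v.get("olgauthoauthscope", ""))):
        findings.append(("olgauthoauthscope", "separate scopes with spaces"))
    # Credentials: user name and password are only for an unknown client secret.
    secret = v.get("olgauthoauthclientsecret")
    user, password = v.get("olgauthoauthusername"), v.get("olgauthoauthpassword")
    if not secret and not (user and password):
        findings.append(("olgauthoauthclientsecret", "no usable credential set"))
    elif secret and password:
        findings.append(("olgauthoauthpassword", "password stored next to a client secret"))
    # Cache: not useful once synchronization runs with revision filtering.
    cache_on = str(v.get("olgusecache", True)).strip().lower() == "true"
    if cache_on and v.get("olgeventsincefilter"):
        findings.append(("olgusecache", "cache enabled together with revision filtering"))
    return findings

# Constructed sample values, not taken from a real system.
SAMPLE = {
    "olgrootdn": "https://example.onelogin.com/", "olgparallelprocesses": "64",
    "olgauthendpoint": "http://idp.example.test/token", "olgusecache": "True",
    "olgauthoauthscope": "scope_a,scope_b", "olgauthoauthusername": "svc-sync",
    "olgauthoauthclientsecret": "placeholder-secret",
    "olgauthoauthpassword": "placeholder-password",
    "olgeventsincefilter": "placeholder-timestamp",
}
if __name__ == "__main__":
    for name, finding in lint_connector_settings(SAMPLE):
        print(f"{name}: {finding}")
```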
