Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Identity Manager 9.1 - Administration Guide for Integration with OneLogin Cloud Directory

Table of Contents

Integration with OneLogin Cloud Directory

Architecture overview One Identity Manager users for managing a OneLogin domain Configuration parameters for managing OneLogin environments

Synchronizing a OneLogin domain

Setting up initial synchronization with a OneLogin domain

Users and permissions for synchronizing with a OneLogin domain Setting up a synchronization server for OneLogin domains

System requirements for the OneLogin synchronization server Installing One Identity Manager Service with a OneLogin connector

Creating a synchronization project for initial synchronization of a OneLogin domain

Information required to set up a synchronization project Creating an initial synchronization project for OneLogin domains

Configuring the synchronization log

Customizing the synchronization configuration

Configuring synchronization in OneLogin domains Configuring synchronization of several OneLogin domains Changing system connection settings of OneLogin domains

Editing connection parameters in the variable set Editing target system connection properties

Updating schemas Speeding up synchronization with revision filtering Configuring the provisioning of memberships Configuring single object synchronization Accelerating provisioning and single object synchronization

Running synchronization

Starting synchronization Deactivating synchronization Displaying synchronization results Synchronizing single objects

Tasks following synchronization

Post-processing outstanding objects Adding custom tables to the target system synchronization Managing OneLogin user accounts through account definitions

Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)

Managing OneLogin user accounts and employees

Account definitions for OneLogin user accounts

Creating account definitions Editing account definitions Main data for an account definition Editing manage levels Creating manage levels Assigning manage levels to account definitions Main data for manage levels Creating mapping rules for IT operating data Entering IT operating data Modify IT operating data Assigning account definitions to employees

Assigning account definitions to departments, cost centers, and locations Assigning account definitions to business roles Assigning account definitions to all employees Assigning account definitions directly to employees Assigning account definitions to system roles Adding account definitions to the IT Shop

Assigning account definitions to OneLogin domains Deleting account definitions

Assigning employees automatically to OneLogin user accounts

Editing search criteria for automatic employee assignment Finding employees and directly assigning them to user accounts Changing manage levels for OneLogin user accounts

Supported user account types

Default user accounts Administrative user accounts

Providing administrative user accounts for one employee Providing administrative user accounts for several employees

Privileged user accounts

Specifying deferred deletion for OneLogin user accounts

Managing memberships in OneLogin roles

Assigning OneLogin roles to OneLogin user accounts

Prerequisites for indirect assignment of OneLogin roles to OneLogin user accounts Assigning OneLogin roles to departments, cost centers and locations Assigning OneLogin roles to business roles Adding OneLogin roles to system roles Adding OneLogin roles to the IT Shop

Removing OneLogin roles from an IT Shop shelf Removing OneLogin roles from all IT Shop shelves

Assigning OneLogin user accounts directly to OneLogin roles Assigning OneLogin roles directly to OneLogin user accounts

Effectiveness of membership in OneLogin roles OneLogin role inheritance based on categories Overview of all assignments

Login information for OneLogin user accounts

Password policies for OneLogin user accounts

Predefined password policies Using password policies Creating password policies Editing password policies General main data for password policies Character classes for passwords Policy settings Custom scripts for password requirements

Checking passwords with a script Generating passwords with a script

Password exclusion list Checking a password Testing password generation

Initial password for new OneLogin user accounts

Mapping OneLogin objects in One Identity Manager

OneLogin domains

Creating OneLogin domains Editing main data of OneLogin domains General main data for OneLogin domains Defining categories for the inheritance of entitlements Editing the synchronization project for a OneLogin domain Displaying the OneLogin domain overview

OneLogin user accounts

Creating OneLogin user accounts Editing main data of OneLogin user accounts General main data of OneLogin user accounts Login credentials for OneLogin user accounts Information about OneLogin user accounts' directory Information about the OneLogin user accounts' company Changing custom user fields for OneLogin user accounts Assigning extended properties to OneLogin user accounts Deleting and restoring OneLogin user accounts Displaying the OneLogin user account overview

OneLogin applications

Editing master data for OneLogin applications General main data for OneLogin applications Assigning extended properties to OneLogin application Displaying OneLogin application overviews

Editing main data of OneLogin roles General main data of OneLogin roles Assigning extended properties to OneLogin roles Displaying the OneLogin role overview

OneLogin authentication methods OneLogin service providers OneLogin clients OneLogin scopes OneLogin policies OneLogin groups OneLogin privileges OneLogin custom user fields

Handling of OneLogin objects in the Web Portal Base data for OneLogin domains

Target system managers Job server for OneLogin-specific process handling

General main data for a Job server Server functions of a Job server

Configuration parameters for managing OneLogin domains Default template for OneLogin domains Editing OneLogin system objects OneLogin connector settings

Editing OneLogin system objects

The following table describes permitted editing methods of OneLogin schema types and names restrictions required by system object processing.

Table 30: Methods available for editing schema types
Type	Read	Add	Delete	Refresh
Service provider (APIAuthorization)	Yes	No	No	No
Applications (Application)	Yes	No	No	No
Authentication methods (AuthFactor)	Yes	No	No	No
Clients (Client)	Yes	No	No	No
Custom user fields (CustomAttribute)	Yes	No	No	No
Change history (Event)	Yes	No	No	No
Groups (Group)	Yes	No	No	No
Policies (Policy)	Yes	No	No	No
Privileges (Privilege)	Yes	No	No	No
Roles (Role)	Yes	No	No	No
Administrators for roles (RoleAdmin)	Yes	Yes	Yes	Yes
Role assignments to applications (RoleAppliocation)	Yes	Yes	Yes	Yes
Scopes (Scope)	Yes	No	No	No
User accounts (User)	Yes	Yes	Yes	Yes
Application assignments to user accounts (UserApplication)	Yes	No	No	No
Authentication method assignments to user accounts(UserAuthFactor)	Yes	Yes	Yes	Yes
Custom field assignments to user accounts (UserCustomAttribute)	Yes	No	No	Yes
Privilege assignments to user accounts (UserPrivilege)	Yes	Yes	Yes	Yes

OneLogin connector settings

The following settings are configured for the system connection with the OneLogin connector.

Table 31: OneLogin connector settings
Setting	Description
Authentication URI	Authentication endpoint or URL. URL available for authenticating. Only the part of the URL added to the common part, is required to reach the authentication endpoints. If authentication of another server or another root URL is used for authentication, the full URL must be entered here. Variable: olgauthendpoint
Client secret (OAuth)	Security token for login. Variable: olgauthoauthclientsecret
Domain	Full OneLogin domain name, <your domain>.onelogin.com, for example. Variable: olgrootdn
Grant type (OAuth)	Access type for login. Variable: olgauthoauthgranttype
HTTP KeepAlive	Specifies whether HTTP connections are kept open. If the option is not set, connections are closed immediately and cannot be used for further queries. Default: True Variable: olgkeepalive
Max. parallel queries	Number of target system data queries that can be carried out at simultaneously. Enter a value between 1 and 32. Default: 0 Variable: olgparallelprocesses
Password (OAuth)	Login password if the client secret is not known. Variable: olgauthoauthpassword
Read events created since	Used for revision filtering. Variable: olgeventsincefilter
Scope (OAuth)	Scope parameter valid for target system login. If several parameter apply, separate them with spaces. Variable: olgauthoauthscope
Service URI	URI of API without version. Default: api Variable: olgroot
Use client side cache	Specifies whether the OneLogin connector's local cache is used. Local cache is used to speed up synchronization. Access to the cloud application is minimized during full synchronization. The option is ignored during provisioning. It does not make sense to use the cache during synchronization with revision filtering. If the target system supports revision filtering, disable the option after initial synchronization. Default: True Variable: olgusecache
User name (OAuth)	User name if the client secret is not known. Variable: olgauthoauthusername
Application/Client ID	Client ID for the application.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center