立即与支持人员聊天
与支持团队交流

Identity Manager 9.1 - Administration Guide for Integration with OneLogin Cloud Directory

Integration with OneLogin Cloud Directory Synchronizing a OneLogin domain
Setting up initial synchronization with a OneLogin domain Customizing the synchronization configuration Running synchronization Tasks following synchronization Troubleshooting Ignoring data error in synchronization Pausing handling of target system specific processes (Offline mode)
Managing OneLogin user accounts and employees Managing memberships in OneLogin roles Login information for OneLogin user accounts Mapping OneLogin objects in One Identity Manager Handling of OneLogin objects in the Web Portal Base data for OneLogin domains Configuration parameters for managing OneLogin domains Default template for OneLogin domains Editing OneLogin system objects OneLogin connector settings

Editing OneLogin system objects

The following table describes permitted editing methods of OneLogin schema types and names restrictions required by system object processing.

Table 30: Methods available for editing schema types
Type Read Add Delete Refresh

Service provider (APIAuthorization)

Yes

No

No

No

Applications (Application)

Yes

No

No

No

Authentication methods (AuthFactor)

Yes

No

No

No

Clients (Client)

Yes

No

No

No

Custom user fields (CustomAttribute)

Yes

No

No

No

Change history (Event)

Yes

No

No

No

Groups (Group)

Yes

No

No

No

Policies (Policy)

Yes

No

No

No

Privileges (Privilege)

Yes

No

No

No

Roles (Role)

Yes

No

No

No

Administrators for roles (RoleAdmin)

Yes

Yes

Yes

Yes

Role assignments to applications (RoleAppliocation)

Yes

Yes

Yes

Yes

Scopes (Scope)

Yes

No

No

No

User accounts (User)

Yes

Yes

Yes

Yes

Application assignments to user accounts (UserApplication)

Yes

No

No

No

Authentication method assignments to user accounts(UserAuthFactor)

Yes

Yes

Yes

Yes

Custom field assignments to user accounts (UserCustomAttribute)

Yes

No

No

Yes

Privilege assignments to user accounts (UserPrivilege)

Yes

Yes

Yes

Yes

OneLogin connector settings

The following settings are configured for the system connection with the OneLogin connector.

Table 31: OneLogin connector settings

Setting

Description

Authentication URI

Authentication endpoint or URL. URL available for authenticating. Only the part of the URL added to the common part, is required to reach the authentication endpoints. If authentication of another server or another root URL is used for authentication, the full URL must be entered here.

Variable: olgauthendpoint

Client secret (OAuth)

Security token for login.

Variable: olgauthoauthclientsecret

Domain

Full OneLogin domain name, <your domain>.onelogin.com, for example.

Variable: olgrootdn

Grant type (OAuth)

Access type for login.

Variable: olgauthoauthgranttype

HTTP KeepAlive

Specifies whether HTTP connections are kept open. If the option is not set, connections are closed immediately and cannot be used for further queries.

Default: True

Variable: olgkeepalive

Max. parallel queries

Number of target system data queries that can be carried out at simultaneously. Enter a value between 1 and 32.

Default: 0

Variable: olgparallelprocesses

Password (OAuth)

Login password if the client secret is not known.

Variable: olgauthoauthpassword

Read events created since

Used for revision filtering.

Variable: olgeventsincefilter

Scope (OAuth)

Scope parameter valid for target system login. If several parameter apply, separate them with spaces.

Variable: olgauthoauthscope

Service URI

URI of API without version.

Default: api

Variable: olgroot

Use client side cache

Specifies whether the OneLogin connector's local cache is used.

Local cache is used to speed up synchronization. Access to the cloud application is minimized during full synchronization. The option is ignored during provisioning. It does not make sense to use the cache during synchronization with revision filtering. If the target system supports revision filtering, disable the option after initial synchronization.

Default: True

Variable: olgusecache

User name (OAuth)

User name if the client secret is not known.

Variable: olgauthoauthusername

Application/Client ID

Client ID for the application.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级