Skip to main content
Sign in

Creating an extended integration for OneLogin users

Caroline Maguire
  • June 16, 2022 10:39
  • Updated

Let Oomnitza be your single source of truth!

You'll get complete visibility of your users as data from OneLogin is automatically transformed into consumable information and actionable insights.

Connect Oomnitza and OneLogin in minutes

Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:

  • Configurable dashboards and list views of key user information
  • Configurable reports to share information about users with your colleagues and management
  • Configurable workflows that you can easily create such as: 
    • Workflows for retrieving the SaaS user role and last login time stamp 
    • Workflows for deactivating SaaS users in Oomnitza
    • Workflows for deleting SaaS users in OneLogin

Navigation

small_blue_link.svgAdding the credentials

small_blue_link.svgCreating the user integration

small_blue_link.svgCreating custom mappings

small_blue_link.svg Creating workflows

Creating Saas user workflows

User Role preset

Creating user workflows with the API block

Delete User

Before you start

Best practice
For the integration with Oomnitza, create a dedicated user account. The user must have, at least, Read User permissions.

OneLogin uses OAuth2 based authentication.

To integrate OneLogin with Oomnitza, you'll need the following information:

  • Client ID
  • Client secret
  • Region

Please follow the documentation links below to create an OAuth2.0 app and keep your Client ID, Client Secret, and Region to be used when configuring your credential within Oomnitza.

Tip
Don't forget to keep a copy of your client secret.

Documentation Links

For further information please consult the links below:

Adding the credentials

  1. Log into Oomnitza.
  2. Click Configuration > Security > Credentials, and then click Add new credential (+).
  3. On the INFORMATION tab, complete these actions:
    1. Add the name of the credential such as OneLogin Users.
    2. Add the name of the owner. 
  4. On the AUTHORIZATION tab, complete these actions:
    • As authorization type, select 0Auth 2.0.
    • From the SaaS list, select OneLogin.
  5. Enter the region such as eu or us.
  6. Enter your client ID and secret.
  7. Click Authenticate.
  8. Click CREATE.

Creating the user integration

Info and connect details

  1. From the menu, click Configuration > Integrations.
  2. Click Integrations List View small_SettingsListView.svg.
  3. On the Integrations page, scroll down to the Extended section for User Integrations.
  4. Click NEW INTEGRATION.
  5. In the New User Integration sidebar, click OneLogin.
  6. Click APPLY next to the OneLogin User Load, and then click NEXT twice.

Connect page

Best practice
To ensure that only live user records are streamed to Oomnitza, choose Update only as your integration preference. When you run the integration, you can check the error logs to see which user records weren't uploaded and why they weren't uploaded. You can then decide whether to upload the user records that were skipped by changing your integration preference to create and upload. See Access error logs.

  1. Enter a descriptive name for the integration such as OneLogin Users. That'll be the name of the user integration that is shown on the Integrations page.
  2. From the User Selection list, select User plus SaaS User or User only.
  3. If you select User plus SaaS User and you have multiple instances of the same SaaS application, select the application from the SaaS Selection list. If you have a single instance of the SaaS application, skip this step.
  4. From the installation type list, select Cloud.
  5. From the Credentials list, select your credentials.
  6. From the Integration Preferences list, select Update only.   
  7. Enter the name of the user of the integration.
  8. Enter the region.
  9. Click Next.

Creating custom mappings

Map the OneLogin fields to Oomnitza fields and create custom mappings to get the user information that you need.

Complete these actions:

  1. Click SMART MAPPINGS.
  2. Create custom mappings to map the OneLogin fields that you want to add to Oomnitza:
    1. Click the down arrow on the field that you want to map.
    2. Select Add new Oomnitza users field.
    3. Change the name of the field. 
    4. Click CREATE
  3. Assign an Oomnitza role to the users such as Employee.
  4. Assign a sync key to one of the fields such as the email field.
  5. Click NEXT

Note: For all user loads, it is recommended that you map role information to an employee role in Oomnitza. Users need to have an employee role defined in order to access Oomnitza. If the role information is not available from the user load, it is recommended that you select Employee from the Oomnitza Role dropdown list. You have the option to overwrite this at a later point should the role information become available. 

Standard OneLogin to Oomnitza mappings

The following OneLogin fields can be mapped to Oomnitza:

Activated At
Comment
Company
Created At
Department
Directory ID
Distinguished Name
Email
External ID
First Name
Group ID
ID
Invalid Login Attempts
Invitation Sent At
Last Login
Last Name
Locked Until
Manager AD ID
Manager User ID
Member Of
Password Changed At
Phone
Preferred Locale Code
SAMAccountName
State
Status
Title
Trusted Idp ID
Updated At
User Principal Name
Username

 

Want to map more fields to Oomnitza?
Contact Support, or see Mapping extended connectors.

When you've completed mapping the OneLogin to Oomnitza fields, click NEXT.

Schedule

By default, user data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Configure your schedule.
  2. Click FINISH.

Result

A new tile is created for the integration on the Integrations page. 

What to do next

If you want to see the information that is collected now, click the tile on the Integrations page and click RUN NOW.

If you want to change the integration settings, you can click a navigation link on the page, such as 4 Mappings, and edit the settings. 

edit-integration.svg

Creating workflows

Creating Saas user workflows

You can create the SaaS User workflow by following the steps in Creating Saas user workflows. To locate a preset, enter OneLogin in the Select Preset search field. The OneLogin SaaS User workflow block comes with one available preset, the OneLogin User Role preset.

OneLogin User Role preset

The OneLogin User Role preset enables you to read a user’s role and last login from your OneLogin integration. When you select this preset, enter the following details in the Configure section:

  • Your OneLogin credentials that you created in Adding the credentials.
  • The Region or location of your OneLogin instance, such as eu or us. Note: The location must be in lower case.

Once you run your preset you can retrieve your results by completing the steps in Retrieving your SaaS workflow results.

Creating user workflows with the API block

You can also create user workflows with the API block by following the steps in Creating user workflows with the API block. To locate a preset, enter OneLogin in the Select Preset search field. The OneLogin API block workflow comes with one available preset, the OneLogin Delete User preset.

Using the OneLogin Delete User preset

This OneLogin Delete User preset allows you to delete a user from OneLogin. You can use this preset in conjunction with the OneLogin User Role preset. Running this preset after the OneLogin User Role preset enables you to delete the accounts that were found inactive when using the OneLogin user role workflow.

When you select this preset, enter the following details in the Configure section:

  • Your OneLogin credentials that you created in Adding the credentials.
  • Your Region. To update your region, complete the following steps:
    1. In the API block window, click the Advanced Mode button located in the upper right of the window.
    2. Select the Information tab 
    3. Replace the tag {{region}} in the URL field with the region or location of your OneLogin instance https://api.us.onelogin.com/api/2/users/{{user_external_id}}

For further information see OneLogin API documentation: Delete User

For further information on workflows see:
small_blue_link.svg Understanding workflows
small_blue_link.svg Workflow block overview

Unleash the power of Oomnitza

To get valuable actionable insights that help you manage your assets, learn how to:

      • Configure dashboards for your users and software
      • Configure custom reports about your users and software
      • Create workflows to automate tasks

small_blue_link.svg Getting started

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk