Let Oomnitza be your single source of truth!
You'll get complete visibility of your users as data from OneLogin is automatically transformed into consumable information and actionable insights.
Connect Oomnitza and OneLogin in minutes
Get the information and insights that you need to reduce costs and the time that you spend on administration tasks such as:
- Configurable dashboards and list views of key user information
- Configurable reports to share information about users with your colleagues and management
- Configurable workflows that you can easily create such as:
- Workflows for retrieving the SaaS user role and last login time stamp
- Workflows for deactivating SaaS users in Oomnitza
- Workflows for deleting SaaS users in OneLogin
Navigation
Creating user workflows with the API block
Before you start
Best practice
For the integration with Oomnitza, create a dedicated user account. The user must have, at least, Read User permissions.
OneLogin uses OAuth2 based authentication.
To integrate OneLogin with Oomnitza, you'll need the following information:
- Client ID
- Client secret
- Region
Please follow the documentation links below to create an OAuth2.0 app and keep your Client ID, Client Secret, and Region to be used when configuring your credential within Oomnitza.
Tip
Don't forget to keep a copy of your client secret.
Documentation Links
For further information please consult the links below:
- OneLogin API Documentation: Overview of OpenID Connect
- OneLogin API Documentation: Create an OAuth App
- OneLogin API Documentation: Auth Code Flow pt. 1
- OneLogin API Documentation: Auth Code Flow Pt. 2
Adding the credentials
- Log into Oomnitza.
- Click Settings > Credentials, and then click Add new credential (+).
- On the INFORMATION tab, complete these actions:
- Add the name of the credential such as OneLogin Users.
- Add the name of the owner.
- On the AUTHORIZATION tab, complete these actions:
- As authorization type, select 0Auth 2.0.
- From the SaaS list, select OneLogin.OneLogin OAuth 2.0.
- Enter the region such as eu or us.
- Enter your client ID and secret.
- Click Authenticate.
- Click CREATE.
Creating the user integration
Info and connect details
- From the menu, click Settings.
- Click Integrations List View
.
- On the Integrations page, scroll down to the Extended section for User Integrations.
- Click NEW INTEGRATION.
- In the New User Integration sidebar, click OneLogin.
- Click APPLY next to the OneLogin User Load, and then click NEXT twice.
Connect page
Best practice
To ensure that only live user records are streamed to Oomnitza, choose Update only as your integration preference. When you run the integration, you can check the error logs to see which user records weren't uploaded and why they weren't uploaded. You can then decide whether to upload the user records that were skipped by changing your integration preference to create and upload. See Access error logs.
- Enter a descriptive name for the integration such as OneLogin Users. That'll be the name of the user integration that is shown on the Integrations page.
- From the User Selection list, select User plus SaaS User.
- From the installation type list, select Cloud.
- From the Credentials list, select your credentials.
- From the Integration Preferences list, select Update only.
- Enter the name of the user of the integration.
- Enter the region.
- Click Next.
Creating custom mappings
Map the OneLogin fields to Oomnitza fields and create custom mappings to get the user information that you need.
Complete these actions:
- Click SMART MAPPINGS.
- Create custom mappings to map the OneLogin fields that you want to add to Oomnitza:
- Click the down arrow on the field that you want to map.
- Select Add new Oomnitza users field.
- Change the name of the field.
- Click CREATE.
- Assign an Oomnitza role to the users such as Employee.
- Assign a sync key to one of the fields such as the email field.
- Click NEXT.
Note: For all user loads, it is recommended that you map role information to an employee role in Oomnitza. Users need to have an employee role defined in order to access Oomnitza. If the role information is not available from the user load, it is recommended that you select Employee from the Oomnitza Role dropdown list. You have the option to overwrite this at a later point should the role information become available.
Standard OneLogin to Oomnitza mappings
The following OneLogin fields can be mapped to Oomnitza:
Activated At
Comment
Company
Created At
Department
Directory ID
Distinguished Name
Email
External ID
First Name
Group ID
ID
Invalid Login Attempts
Invitation Sent At
Last Login
Last Name
Locked Until
Manager AD ID
Manager User ID
Member Of
Password Changed At
Phone
Preferred Locale Code
SAMAccountName
State
Status
Title
Trusted Idp ID
Updated At
User Principal Name
Username
Want to map more fields to Oomnitza?
Contact Support, or see Mapping extended connectors.
When you've completed mapping the OneLogin to Oomnitza fields, click NEXT.
Schedule
By default, user data is streamed to Oomnitza once every day.
You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.
- Configure your schedule.
- Click FINISH.
Result
A new tile is created for the integration on the Integrations page.
What to do next
If you want to see the information that is collected now, click the tile on the Integrations page and click RUN NOW.
If you want to change the integration settings, you can click a navigation link on the page, such as 4 Mappings, and edit the settings.
Creating workflows
Creating Saas user workflows
You can create the SaaS User workflow by following the steps in Creating Saas user workflows. To locate a preset, enter OneLogin in the Select Preset search field. The OneLogin SaaS User workflow block comes with one available preset, the OneLogin User Role preset.
OneLogin User Role preset
The OneLogin User Role preset enables you to read a user’s role and last login from your OneLogin integration. When you select this preset, enter the following details in the Configure section:
- Your OneLogin credentials that you created in Adding the credentials.
- The Region or location of your OneLogin instance, such as eu or us. Note: The location must be in lower case.
Once you run your preset you can retrieve your results by completing the steps in Retrieving your SaaS workflow results.
Creating user workflows with the API block
You can also create user workflows with the API block by following the steps in Creating user workflows with the API block. To locate a preset, enter OneLogin in the Select Preset search field. The OneLogin API block workflow comes with one available preset, the OneLogin Delete User preset.
Using the OneLogin Delete User preset
This OneLogin Delete User preset allows you to delete a user from OneLogin. You can use this preset in conjunction with the OneLogin User Role preset. Running this preset after the OneLogin User Role preset enables you to delete the accounts that were found inactive when using the OneLogin user role workflow.
When you select this preset, enter the following details in the Configure section:
- Your OneLogin credentials that you created in Adding the credentials.
- Your Region. To update your region, complete the following steps:
- In the API block window, click the Advanced Mode button located in the upper right of the window.
- Select the Information tab
- Replace the tag {{region}} in the URL field with the region or location of your OneLogin instance:
https://api.us.onelogin.com/api/2/users/{{user_external_id}}
For further information see OneLogin API documentation: Delete User.
For further information on workflows see: Understanding workflows
Workflow block overview
Unleash the power of Oomnitza
To get valuable actionable insights that help you manage your assets, learn how to:
- Configure dashboards for your users and software
- Configure custom reports about your users and software
- Create workflows to automate tasks
Comments
0 comments
Please sign in to leave a comment.