SSO with OneLogin v2
You already use your SSO provider to conveniently manage permissions to applications; now you can also use it to manage permissions to your datasources following these simple steps.
OneLogin v1 has been deprecated by OneLogin and is no longer available. This guide has been updated to use v2.
Add new application: In the OneLogin admin panel, click on "Applications" followed by "Add Apps". Search for "OpenID Connect (OIDC)" and click on it. Name the application "strongDM" and click "Save".
Enter configuration details: Go to the "Configuration" tab and enter the strongDM login URL:
https://app.strongdm.com. Add the following "Redirect URIs":
Get Client ID and Client Secret: Go to the "SSO" tab and note the Client ID and Client Secret. You will need these in the next step.
Enter the account details in strongDM: In the strongDM Admin UI, go to Settings -> Authentication, choose OneLogin (v2) from the dropdown menu, and add your URL, Client ID, and Client Secret.
OneLogin v1 used URLs in the format of
https://openid-connect.onelogin.com/oidc. This guide has been updated to use v2, which only uses URLs in the format of
yoursubdomain.onelogin.com/version(with the version being 2).
Enable refresh token and set Authentication Method: On the OneLogin side again, configure the refresh tokens as shown in the screenshot and set "Authentication Method" to POST. Save the configuration.
Final steps in OneLogin: Confirm that the email addresses for all users are identical in both strongDM and OneLogin, and that all users whom you intend to grant database access have access to the strongDM application by default.
Once you have saved the application configuration in OneLogin, it may take some time for the changes to be reflected in the OneLogin authentication environment. We recommend waiting at least several hours before enabling and testing OneLogin SSO in strongDM after you have completed the setup.
If any errors occur or if the integration fails in any way, please contact email@example.com for assistance.