SSO with OneLogin V2
This guide provides step-by-step instructions on how to configure single sign-on (SSO) with OneLogin V2. You already use OneLogin to conveniently manage permissions to applications. After SSO configuration is complete, you'll also be able to use your SSO provider to manage permissions to your Datasources.
OneLogin V1 has been deprecated by OneLogin and is no longer available. This guide has been updated to use V2.
In the OneLogin Admin panel, click Applications and then click Add Apps to create a new application. Search for and select OpenID Connect (OIDC). Name the application "strongDM" and click Save.
Go to the Configuration tab and enter the following configuration details:
- Login Url: Enter
- Redirect URIs: Add
- Login Url: Enter
Go to the SSO tab and copy the Client ID and Client Secret. You will need these values in the next step.
Enter the account details in the strongDM Admin UI. Go to Settings > User Management. In the Single Sign-on section, set the following:
- Provider: Select OneLogin (V2).
- Single sign-on URL: Enter your V2 Issuer URL (
- Client ID: Paste your client ID.
- Client Secret: Paste your client secret.
Select your desired general SSO settings and click activate.
OneLogin V1 used URLs in the format of
https://openid-connect.onelogin.com/oidc. This guide has been updated to use V2, which only uses URLs in the format of
Go back to OneLogin. On the SSO tab, under Token Endpoint, set the Authentication Method to POST and save the configuration.
Confirm that the email addresses for all users are identical in both strongDM and OneLogin and that all users whom you intend to grant database access have access to the strongDM application by default.
Once you have saved the application configuration in OneLogin, it may take some time for the changes to be reflected in the OneLogin authentication environment. We recommend waiting at least several hours before enabling and testing OneLogin SSO in strongDM after you have completed the setup.
If any errors occur or if the integration fails in any way, please contact firstname.lastname@example.org for assistance.