
SSO with OneLogin (OIDC)

This guide provides step-by-step instructions on how to configure single sign-on (SSO) with OneLogin V2. You already use OneLogin to conveniently manage permissions to applications. After SSO configuration is complete, you'll also be able to use your SSO provider to manage permissions to your Datasources.

OneLogin V1 has been deprecated by OneLogin and is no longer available. This guide has been updated to use V2.

Steps

  1. In the OneLogin Admin panel, click Applications and then click Add Apps to create a new application. Search for and select OpenID Connect (OIDC). Name the application "strongDM" and click Save.

    Create App

  2. Go to the Configuration tab and enter the following configuration details:

    1. Login Url: Enter https://app.strongdm.com.
    2. Redirect URIs: Add https://app.strongdm.com/auth/return and https://app.strongdm.com/auth/return/.
      Enter URLs
  3. Go to the SSO tab and copy the Client ID and Client Secret. You will need these values later.

    Get Client ID and Client Secret

  4. Still on the SSO tab, under Token Endpoint, set the Authentication Method to POST and save the configuration.

  5. Enter the account details in the strongDM Admin UI. Go to Settings > User Management. In the Single Sign-on section, set the following:

    1. Provider: Select OneLogin (V2).
    2. Single sign-on URL: Enter your V2 Issuer URL (https://<SUBDOMAIN>.onelogin.com/oidc/2).
    3. Client ID: Paste your client ID.
    4. Client Secret: Paste your client secret.
  6. Select your desired general SSO settings and click activate.

    Configure OneLogin in strongDM

    OneLogin V1 used URLs in the format of https://openid-connect.onelogin.com/oidc. This guide has been updated to use V2, which only uses URLs in the format of https://<SUBDOMAIN>.onelogin.com/oidc/2.

  7. Confirm that the email addresses for all users are identical in both strongDM and OneLogin and that all users whom you intend to grant database access have access to the strongDM application by default.

    Once you have saved the application configuration in OneLogin, it may take some time for the changes to be reflected in the OneLogin authentication environment. After completing the setup, we recommend waiting at least several hours before enabling and testing OneLogin SSO in strongDM.

If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.
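
A pre-flight check for the values entered in the steps above, as an added example that is not part of strongDM's or OneLogin's own tooling: it flags a V1-style or placeholder Issuer URL, lists any redirect URI from step 2 that is not registered, and compares a discovery document's `issuer` with the configured one. The `acme` subdomain and the metadata dictionary are constructed sample values, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

V1_HOST = "openid-connect.onelogin.com"  # deprecated V1 issuer host named in the guide
V2_HOST = re.compile(r"[a-z0-9-]+\.onelogin\.com")
REQUIRED_REDIRECTS = [  # both forms from step 2
    "https://app.strongdm.com/auth/return",
    "https://app.strongdm.com/auth/return/",
]

def check_issuer(url):
    """Return problems with a V2 Issuer URL; an empty list means the format is right."""
    u = urlsplit(url.strip())
    host = u.hostname or ""
    problems = []
    if u.scheme != "https":
        problems.append("scheme is not https")
    if host == V1_HOST:
        problems.append("V1 issuer host, deprecated")
    elif not V2_HOST.fullmatch(host):
        problems.append("host is not <SUBDOMAIN>.onelogin.com")
    if u.path != "/oidc/2":
        problems.append("path is not /oidc/2")
    if u.query or u.fragment or u.netloc.lower() != host:
        problems.append("unexpected port, credentials, query or fragment")
    return problems

def missing_redirects(registered):
    """OIDC compares redirect URIs as exact strings, so report any form not registered."""
    return [uri for uri in REQUIRED_REDIRECTS if uri not in registered]

def check_metadata(issuer, meta):
    """Check an already-fetched discovery document against the configured issuer."""
    problems = []
    if meta.get("issuer") != issuer:
        problems.append("metadata issuer differs from configured issuer")
    for key in ("authorization_endpoint", "token_endpoint"):
        if not str(meta.get(key, "")).startswith("https://"):
            problems.append(key + " is missing or not https")
    return problems

if __name__ == "__main__":
    issuer = "https://acme.onelogin.com/oidc/2"  # constructed sample tenant
    meta = {"issuer": issuer,                     # constructed sample metadata
            "authorization_endpoint": issuer + "/auth",
            "token_endpoint": issuer + "/token"}
    print(check_issuer(issuer), missing_redirects(REQUIRED_REDIRECTS[:1]))
    print(check_metadata(issuer, meta))
```

Per OIDC Discovery, the metadata document is served at the Issuer URL with `/.well-known/openid-configuration` appended; fetch it separately and pass the parsed JSON to `check_metadata`.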
