
SSO with OneLogin v2

You already use your SSO provider to conveniently manage permissions to applications; now you can also use it to manage permissions to your datasources following these simple steps.

OneLogin v1 has been deprecated by OneLogin and is no longer available. This guide has been updated to use v2.

  1. Add new application: In the OneLogin admin panel, click on "Applications" followed by "Add Apps". Search for "OpenID Connect (OIDC)" and click on it. Name the application "strongDM" and click "Save".

    "Create App"
  2. Enter configuration details: Go to the "Configuration" tab and enter the strongDM login URL: https://app.strongdm.com. Add the following "Redirect URIs": https://app.strongdm.com/auth/return and https://app.strongdm.com/auth/return/

    "Enter URLs"
  3. Get Client ID and Client Secret: Go to the "SSO" tab and note the Client ID and Client Secret. You will need these in the next step.

    "Get Client ID and Client Secret"
  4. Enter the account details in strongDM: In the strongDM Admin UI, go to Settings -> Authentication, choose OneLogin (v2) from the dropdown menu, and add your URL, Client ID, and Client Secret.

    "Configure OneLogin in strongDM"

    OneLogin v1 used URLs in the format of https://openid-connect.onelogin.com/oidc. This guide has been updated to use v2, which only uses URLs in the format of yoursubdomain.onelogin.com/version (with the version being 2).

  5. Enable refresh token and set Authentication Method: On the OneLogin side again, configure the refresh tokens as shown in the screenshot and set "Authentication Method" to POST. Save the configuration.

    "Configure tokens in OneLogin"
  6. Final steps in OneLogin: Confirm that the email addresses for all users are identical in both strongDM and OneLogin, and that all users whom you intend to grant database access have access to the strongDM application by default.

    After you save the application configuration in OneLogin, the changes may take some time to be reflected in the OneLogin authentication environment. We recommend waiting at least several hours after completing the setup before enabling and testing OneLogin SSO in strongDM.
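
The values from steps 2, 4 and 6 can be checked before SSO is enabled. The following is an added example, not strongDM or OneLogin code: the function names are hypothetical, the email lists are assumed to be exported by you from each product, and the checks assume the URL is entered with `https://` and a single-label subdomain.

```python
from urllib.parse import urlsplit

# Both values below are quoted from the guide.
REQUIRED_REDIRECTS = {"https://app.strongdm.com/auth/return",
                      "https://app.strongdm.com/auth/return/"}
V1_HOST = "openid-connect.onelogin.com"

def check_sso_url(url):
    """Step 4: problems with the OneLogin URL entered in strongDM."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    problems = []
    if parts.scheme != "https":  # assumption: the URL is entered with https://
        problems.append("not https")
    if host == V1_HOST:
        problems.append("deprecated v1 URL")
    elif not host.endswith(".onelogin.com") or host.count(".") != 2:
        problems.append("host is not yoursubdomain.onelogin.com")
    if parts.path.rstrip("/").rsplit("/", 1)[-1] != "2":
        problems.append("version is not 2")
    return problems

def check_redirects(configured):
    """Step 2: compare OneLogin's Redirect URIs with the two the guide lists."""
    configured = set(configured)
    return {"missing": sorted(REQUIRED_REDIRECTS - configured),
            # every extra URI is one more place an authorization code can go
            "unexpected": sorted(configured - REQUIRED_REDIRECTS)}

def check_emails(strongdm_emails, onelogin_emails):
    """Step 6: strongDM users with no identical email address in OneLogin."""
    exact = set(onelogin_emails)
    folded = {e.strip().lower(): e for e in onelogin_emails}
    report = {"no_match": [], "near_match": []}
    for email in strongdm_emails:
        if email in exact:
            continue
        other = folded.get(email.strip().lower())
        if other is None:
            report["no_match"].append(email)
        else:  # same address apart from case or whitespace, so not identical
            report["near_match"].append((email, other))
    return report

if __name__ == "__main__":
    # Constructed sample values, not taken from any real tenant.
    print(check_sso_url("https://openid-connect.onelogin.com/oidc"))
    print(check_redirects(["https://app.strongdm.com/auth/return"]))
    print(check_emails(["Ann@example.com"], ["ann@example.com"]))
```

An empty list from `check_sso_url`, empty `missing` and `unexpected` lists, and an empty email report mean the entered values agree with the steps above.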

If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.
