OneLogin Integration

Customer IT / SpaceIQ Onboarding Team

 

SiQ supports integration with the OneLogin identity management system. This page details how to configure the OneLogin integration for SiQ.

The following OneLogin integration features are supported:

  • Pushing New Users - New users created through OneLogin will also be automatically created in the SiQ application.
  • Pushing Profile Updates - Updates made to users' profiles through OneLogin will be pushed to SiQ.
  • User Deactivation - Whenever a user is deactivated or disabled through OneLogin, that user will also be deactivated in SiQ. (This involves removing all of the user's data and deleting their account.)
  • Download Users from Third Party Apps - New users created in the third party application will be downloaded and turned into new AppUser objects, for matching against existing SiQ users.
  • Logout Redirect - This redirects end users, when they log out of SiQ, back to the OneLogin application where they can continue working.

It is not possible to import (or pull) new users or profile updates from within SiQ. The information must be pushed from OneLogin. 

Prerequisites

You will need OneLogin admin privileges to complete this integration, and for the SiQ setup you must have a SiQ Admin or an IT role.

Integration Activities

Step 1. Activate the OneLogin Integration in SiQ

From the SiQ Web App, complete the following:

  1. Click your Profile Name in the top right corner.
  2. Click Settings. The Settings screen displays.
  3. From the left menu, click Integrations.
  4. From the Third Party Integrations area, click the READ MORE link. The Integrations screen displays.

You can either search for OneLogin in the Search field or navigate to the OneLogin tile. To navigate, complete the following:

  1. From the left menu, click Provisioning & SSO.
  2. For OneLogin, click the Activate button.

The OneLogin dialog displays; it contains the Provisioning tab and the SSO tab.

Provisioning Tab

For the SCIM Bearer Token field, copy the token to a secure location for later use.

provisioning_tab.png

SSO Tab

If you want to enable Single Sign On, under the SSO tab, you'll see additional options. Any fields that are blank will need to be populated with data from OneLogin, which we will discuss in greater detail below.

sso_tab1.png

For the SAML Audience URI field, copy the URI for use in setting up the integration within OneLogin.

The SSO Redirect URL field must be populated with OneLogin's SAML 2.0 Endpoint (HTTP) to take advantage of the SiQ-initiated SSO login flow. Also, for the Logout Redirect feature, fill in the portal URL on your company's OneLogin domain, for example, https://example.onelogin.com/app/portal:

sso_tab2.png

Step 2. Add the new SiQ app in OneLogin

Inside OneLogin, click on the Apps tab [1], then click on Find Apps [2]. Search for SpaceIQ [3], and when you find it, look for the small add link to the right [4]:

OneLogin-Navigate.jpg

To set up the integration with SSO:

Navigate to the SSO tab [1]. 

Copy and paste the SAML 2.0 Endpoint (HTTP) value [2] back to the SpaceIQ SSO Redirect URL field.

The Issuer URL [3] must be copied to SpaceIQ's SAML Issuer URL field.

Expand the X.509 Certificate details by clicking on View Details [4]. There you will see the certificate, which you will also copy and paste back into the SpaceIQ X.509 Certificate field.

When you are done, click Activate in SpaceIQ.

SSO-Options-More__1_.jpg
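
A check to run on the copied X.509 certificate before pasting it into SpaceIQ, given here as an added example that is not part of the SpaceIQ or OneLogin documentation. It normalizes the pasted PEM text, rejects truncated pastes, and computes a fingerprint to compare with one obtained from OneLogin. The function names are hypothetical, and the sample is a constructed placeholder, not a real certificate.

```python
import base64
import binascii
import hashlib
import hmac
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pasted: str) -> bytes:
    """Recover DER bytes from a pasted certificate. Lost line breaks, CRLF and
    stray spaces are tolerated; truncated or non-certificate input is rejected."""
    blocks = PEM_RE.findall(pasted)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = re.sub(r"\s+", "", blocks[0])
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    # Assumption: the outer DER SEQUENCE uses a two-byte length (0x30 0x82),
    # which holds for any certificate between 256 and 65535 bytes.
    if len(der) < 4 or der[:2] != b"\x30\x82":
        raise ValueError("decoded data is not a DER certificate")
    if int.from_bytes(der[2:4], "big") != len(der) - 4:
        raise ValueError("length mismatch: certificate is truncated or padded")
    return der


def fingerprint(pasted: str, algo: str = "sha256") -> str:
    """Colon-separated hex digest of the certificate's DER encoding."""
    digest = hashlib.new(algo, pem_to_der(pasted)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def same_certificate(pasted: str, expected_fingerprint: str, algo: str = "sha256") -> bool:
    """Compare the pasted certificate with a fingerprint obtained from the IdP."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected_fingerprint).upper()
    got = fingerprint(pasted, algo).replace(":", "")
    return hmac.compare_digest(got, want)


# Constructed placeholder, NOT a real certificate: a DER SEQUENCE header
# followed by 256 filler bytes, wrapped in PEM armour.
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(CONSTRUCTED_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    mangled = SAMPLE_PEM.replace("\n", " ")  # line breaks lost in copy/paste
    print(fingerprint(mangled), same_certificate(mangled, fingerprint(SAMPLE_PEM)))
```

A fingerprint mismatch or a `ValueError` means the text in the clipboard is not the certificate OneLogin issued, and it should be copied again rather than activated.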

Navigate to the Configuration tab in OneLogin [1].

Copy/paste the SCIM Bearer token from SpaceIQ into the corresponding OneLogin field [2].

Click the Save button in the top right corner [3].

Configuration.jpg

 

Troubleshooting

  • Users without a First Name and/or a Last Name in their SiQ profiles cannot be imported as new users.
  • OneLogin users without a department will be created with a default department named "__No_Department__".
  • In the event that a department also has teams or sub-departments, SiQ will expect Organizations/Divisions to also contain the Team/Sub-Department name.
    For example:

    Organization: Engineering, with Department: QA