OneLogin Integration

SpaceIQ supports an integration with the OneLogin identity management system. This article will walk you through the steps required to connect SpaceIQ with OneLogin.

Upon completion of the integration steps, you'll enjoy the following capabilities:

  • Pushing New Users - New users created through OneLogin will also be automatically created in the SpaceIQ application.
  • Pushing Profile Updates - Updates made to users' profiles through OneLogin will be pushed to SpaceIQ.
  • User Deactivation - Whenever a user is deactivated or disabled through OneLogin that user will also be deactivated in SpaceIQ. (This involves removing all of the users's data and deleting their account.)
  • Download Users from Third Party Apps - New users created in the third party application will be downloaded and turned into new AppUser objects, for matching against existing SpaceIQ users.
  • Logout Redirect - This redirects an end-user when the log out of SpaceIQ back to the OneLogin application where they can continue working.

It is not possible to import (or pull) new users or profile updates from within SpaceIQ. The information must be pushed from OneLogin. 

Contents

SpaceIQ Actions

Begin inside the SpaceIQ web application by clicking on your profile name in the top right corner [1] and selecting settings [2]. Scroll down to see the Integrations section [3], where you will click on Third Party Integrations [4]:

Navigate-Integrations__1_.jpg

On the integrations page, you can either select Provisioning & SSO [1] then click on the Activate button under OneLogin [2], or you can search at the top [3] and select OneLogin from the search results [4]:

Select-One-Login.jpg

 

Provisioning

On the next page you will see two tabs at the top, one for Provisioning and one for SSO. Starting with Provisioning [1], find and select the SCIM Bearer Token [2]. Copy and save this token in a secure location for later use:

Bearer-Token.jpg

 

SSO

If you want to enable Single Sign On, under the SSO tab [1], you'll see additional options. Any fields that are blank will need to be populated with data from OneLogin, which we will discuss in greater detail below. Save the SAML Audience URI [2] for use in setting up the integration within OneLogin. The SSO Redirect URL Field [3] should be populated with OneLogin's SAML 2.0 Endpoint (HTTP), to take advantage of the SpaceIQ initiated SSO Login Flow. Likewise, for the Logout Redirect feature, you'll want to fill in your company's OneLogin domain URL portal [4], such as https://example.onelogin.com/app/portal: 

SSO-Options-More.jpg

 

OneLogin Actions

Inside OneLogin, click on the Apps tab [1], then click on Find Apps [2]: Search for SpaceIQ [3], and when you find it look for the small add link to the right [4]:

OneLogin-Navigate.jpg

 

To setup the integration with SSO, navigate to the SSO tab [1].  Copy and paste the SAML 2.0 Endpoint (HTTP) value [2] back to the SpaceIQ SSO Redirect URL field. The Issuer URL [3] should be copied to SpaceIQ's SAML Issuer URL field. Expand the X.509 Certificate details by clicking on View Details [4]. There you will see the certificate, which you should copy and paste as well back into the SpaceIQ X.509 Certificate field. When you are done, be sure click Activate in SpaceIQ:

SSO-Options-More__1_.jpg

Next you will need to navigate to the Configuration tab in OneLogin [1] and copy/paste the SCIM Bearer token from SpaceIQ into the corresponding OneLogin field [2]. After pasting the token, click on Save in the top right corner [3]:

Configuration.jpg

 

Troubleshooting

  • Users without a First Name or/and a Last Name in their SpaceIQ profiles cannot be imported to OneLogin as new users.
  • OneLogin Users without a department will be created with a default department named “__No_Department__".
  • In the event that a department also has teams or sub-departments, SpaceIQ will expect Organizations/Divisions to also contain Team/Sub-Department name.
    For example:

    Organization: Engineering, with Department: QA
0 out of 0 found this helpful
Have more questions? Submit a request