There are numerous ways to connect your favorite applications to OneLogin. The ideal approach depends on many different factors, such as the application's single sign-on (SSO) capabilities or whether it's a commercial application or one that your organization has built internally. This article provides an overview of each integration and connector supported by OneLogin, as well as some custom solutions for applications not already supported.
Form-Based Authentication
When a web app doesn't support integration standards like SAML or OIDC, OneLogin can store a user's password securely in the cloud and automate the sign-in process, using the application's own login form to authenticate the user.
OneLogin is pre-integrated with hundreds of form-based apps with easy setup and configuration. For apps not already in the OneLogin catalog, you can use the generic universal connector (UC2) to support form-based authentication with any web app that has a dedicated one-step login page and does not use Flash or iFrames.
SAML
SAML (Security Assertion Markup Language) is one of the most popular ways of handling SSO for web-based applications. It's standards-based, fast, very secure, and does not rely on user passwords.
OneLogin is pre-integrated with hundreds of SAML-enabled apps with easy setup and configuration, as well as a custom SAML connector for your internal applications or any other SAML apps currently unavailable in OneLogin's catalog.
OneLogin also provides an SAML Assertion API that enables developers to authenticate their app's users via SAML, along with free, open-source SAML toolkits for Java, .NET, Ruby, Python, and PHP, which you can use to add enterprise-strength SSO to your application.
OpenID Connect (OIDC)
An increasingly common form of authentication, OIDC is a simple identity layer built on top of the OAuth 2.0 protocol. With it, a range of clients, including JavaScript, web-based, and mobile apps, can verify a user's identity and get basic information about them by exchanging data with an authorization server or identity provider (IdP). For example, when an app prompts you to sign in using your Facebook or Google account rather than creating a new set of credentials, the app is probably using OIDC.
OneLogin is pre-integrated with several OIDC apps, as well as a custom OIDC connector and developer guide for building your own OIDC-enabled apps.
RADIUS
Clients that support the RADIUS (Remote Authentication Dial-In User Service) protocol, such as IPsec VPN clients and WiFi Access Points, can authenticate against OneLogin's RADIUS interface. When OneLogin receives a RADIUS Access-Request message, the user's credentials are authenticated against the directory linked to the user. This interface also supports multi-factor authentication (MFA) for increased user-friendliness and organization security.
Virtual LDAP (VLDAP)
Clients that support LDAP (Lightweight Directory Access Protocol) can authenticate against OneLogin's VLDAP interface, enabling you to use OneLogin as your cloud-based LDAP directory. It enables integrations with legacy systems that require a LDAP endpoint for authenticating and authorizing your users, and supports multi-factor authentication (MFA) for increased user-friendliness and organization security.
WS-Federation
WS-Federation is an Identity Federations specification for SSO. It's primarily used in conjunction with SAML by Microsoft solutions, such as Microsoft Dynamics, SharePoint, and Office 365.
Provisioning
User provisioning often works hand-in-hand with API integrations, but can be implemented with SAML or SCIM in some cases as well. It's an important part of OneLogin's set of Identity Lifecycle Management tools, allowing you to seamlessly synchronize your users in OneLogin with their equivalent accounts in the integrated app, automatically adding and removing permissions, statuses, groups, and more as your users' needs change.
Note: When using provisioning with a SAML integration, provisioning must be enabled before enabling SAML.
SCIM
The SCIM (System for Cross-domain Identity Management) specification is designed to make user provisioning and cloud-based user management easier by defining a canonical user schema and RESTful API for all necessary user management operations.
Several major directories, such as Microsoft Entra ID and Amazon Web Services support SCIM integrations, and it's easy to adopt for your own applications as well.
QuickLinks
Although not strictly an integration because it doesn't authenticate logins, OneLogin's QuickLink app connector is an invaluable tool for creating URL shortcuts to any website that your users may need quick and easy access to.
To use QuickLinks, simply add the application QuickLink (POST), give it your desired name and icon, and enter the site address in Configuration. A tile for that website will appear alongside the other applications in the OneLogin user portal, effectively acting as a bookmark for any app that does not require users to log in.
The Fastrack Program
If you can’t find a connector you need, or have a unique proprietary application that your organization uses internally, OneLogin's Fastrack Connector Program is the quickest and easiest way to integrate OneLogin with unique applications to meet your immediate business needs.
Simply fill out a brief form describing your specifications for a SAML, form fill, SCIM, or OIDC connection, and your OneLogin account manager will reach out to you with a customized quote to have the connector or integration quickly developed for you.