OneLogin | IDE Services Documentation

Prerequisites

You have a valid Okta account.
You have created an application.yaml file to configure your IDE Services Server.

Add IDE Services to OneLogin

Start by configuring a custom OIDC connector so that IDE Services can use OneLogin as an authentication provider.

Open the OneLogin portal in your browser and log in using your OneLogin account.
From the main menu, select Applications | Applications.
Click Add App.
In the search field, start typing OpenId Connect and select this application.
Specify IDE Services as an application name and click Save.
On the Configuration tab, specify the callback endpoint to redirect the end user in the Redirect URIs field - http://<ide_services_server_domain.com>/api/login/authenticated.
On the SSO tab, select POST in the Authentication Method field.
Copy and save the Client ID and Client Secret values. You will need them for configuring application.yaml.
Save the resulting configuration.

Configure OneLogin in application.yaml

After adding IDE Services to OneLogin, you need to configure your application.yaml file and specify the OAuth 2.0 provider properties there:

            tbe:
                auth:
                    login-url: "https://<subdomain>.onelogin.com/oidc/2/auth"
                    token-url: "https://<subdomain>.onelogin.com/oidc/2/token"
                    jwt-certs-url: "https://<subdomain>.onelogin.com/oidc/2/certs"
                    client-id: "your_identifier"
                    client-secret: "your_password"
                    required-scopes: [ "profile", "email", "openid" ]
                    login-url-prompt-param: "login"
                    root-admin-emails:
                      - "toolbox.admin@example.com"
        

login-url

Provide a URL for logging in via OneLogin.

You can obtain this URL from the Well-known configuration on the OneLogin portal. Open the application details, go to the SSO tab and click the Well-known Configuration link. Alternatively, you can request the Well-known configuration at https://<your_OneLogin_domain>.onelogin.com/oidc/2/.well-known/openid-configuration.

token-url

Provide a URL for obtaining an authorization token on OneLogin's side.

You can obtain this URL from the Well-known configuration on the OneLogin portal. Open the application details, go to the SSO tab and click the Well-known Configuration link. Alternatively, you can request the Well-known configuration at https://<your_OneLogin_domain>.onelogin.com/oidc/2/.well-known/openid-configuration.

jwt-certs-url

Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).

You can obtain this URL from the Well-known configuration on the OneLogin portal. Open the application details, go to the SSO tab and click the Well-known Configuration link. Alternatively, you can request the Well-known configuration at https://<your_OneLogin_domain>.onelogin.com/oidc/2/.well-known/openid-configuration.

client-id

Specify the public identifier for IDE Services used in OneLogin.

client-secret

Specify the client secret for IDE Services used in OneLogin.

required-scopes

Set the value to [ "profile", "email", "openid"].

login-url-prompt-param

Defines whether the user should be prompted with a login dialog. Specify one of the following:

login: use this value to show the login dialog to the user.
none: use this value to skip showing the login dialog to the user.

root-admin-emails

List emails of users that will receive admin rights.