HomeGuidesAPI Reference
Guides
Get Started

OneLogin / Foxpass password delegation

Suggest Edits

🚧

Password Delegation for RADIUS is not compatible with PEAP. You must use EAP-TTLS-PAP (preferred) or PAP.

This describes how to set up Foxpass to delegate password verification to OneLogin.

1. Create an "Authentication Only" API Credential Pair

Follow the instructions here to create an "Authentication Only" API credential pair:
https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials

Create API Credentials

Create API Credentials

Copy down the "Client Secret" and "Client ID".

Copy ID and secret

Copy ID and secret

2. Put that API key into Foxpass

Go to the Foxpass Auth Settings page. Go to "Delegate authentication to" , choose OneLogin and save it.

Select OneLogin

Select OneLogin

Enter the API credentials you copied in the previous step and select the United States (US) or Europe (EU) endpoint to use.

Enter API credentials

Enter API credentials

Now all authentication requests are sent to OneLogin and users can manage their passwords through their service.

📘

Note: We do not currently check for OneLogin MFA enforcement

If a user provides a correct OneLogin password, we allow them to authenticate with Foxpass regardless of their MFA settings.

Updated about 1 month ago