OneLogin / Foxpass password delegation

This describes how to set up Foxpass to delegate password verification to OneLogin.

1. Create an "Authentication Only" API Credential Pair

Follow the instructions here to create an "Authentication Only" API credential pair:
https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials

Create API Credentials

Create API Credentials

Copy down the "Client Secret" and "Client ID".

Copy ID and secret

Copy ID and secret

2. Put that API key into Foxpass

Go to the Foxpass authentication settings page. Go to "Delegate authentication to" , choose OneLogin and save it.

Select OneLogin

Select OneLogin

Enter the API credentials you copied in the previous step and select the United States (US) or Europe (EU) endpoint to use.

Enter API credentials

Enter API credentials

Now all authentication requests are sent to OneLogin and users can manage their passwords through their service.

📘

Note: We do not currently check for OneLogin MFA enforcement

If a user provides a correct OneLogin password, we allow them to authenticate with Foxpass regardless of their MFA settings.