OneLogin / Foxpass password delegation
Password Delegation for RADIUS is not compatible with PEAP. You must use EAP-TTLS-PAP (preferred) or PAP.
This describes how to set up Foxpass to delegate password verification to OneLogin.
1. Create an "Authentication Only" API Credential Pair
Follow the instructions here to create an "Authentication Only" API credential pair:
https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials

Create API Credentials
Copy down the "Client Secret" and "Client ID".

Copy ID and secret
2. Put that API key into Foxpass
Go to the Foxpass Auth Settings page. Go to "Delegate authentication to" , choose OneLogin and save it.

Select OneLogin
Enter the API credentials you copied in the previous step and select the United States (US) or Europe (EU) endpoint to use.

Enter API credentials
Now all authentication requests are sent to OneLogin and users can manage their passwords through their service.
Note: We do not currently check for OneLogin MFA enforcement
If a user provides a correct OneLogin password, we allow them to authenticate with Foxpass regardless of their MFA settings.
Updated about 1 month ago