OneLogin / Foxpass password delegation

This describes how to set up Foxpass to delegate password verification to OneLogin.

1. Create an "Authentication Only" API Credential Pair

Follow the instructions here to create an "Authentication Only" API credential pair:
https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials

Copy down the "Client Secret" and "Client ID".

2. Put that API key into Foxpass

Go to the Foxpass authentication settings page. Scroll down to "Password authentication delegation". Enable it, and choose OneLogin /1. Enter the API credentials you copied in the previous step and select the United States (US) or Europe (EU) endpoint to use.

Now all authentication requests are sent to OneLogin and users can manage their passwords through their service.

📘

Note: We do not currently check for OneLogin MFA enforcement

If a user provides a correct OneLogin password, we allow them to authenticate with Foxpass regardless of their MFA settings.