Sync With OneLogin

This describes how to set up Foxpass to delegate password verification to OneLogin.

Create a "Read Users" API Credential Pair

Go to Developers > API Credentials > New Credential. Enter a credential name (for example, "Foxpass") and click Save.
Follow the instructions here to create a "Read Users" API credential pair:
https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials

Create API credential pair

Copy client secret and client id

Copy down the "Client ID" and "Client Secret". Click Done.

Enter your Credential Pair into Foxpass

Go to the Foxpass 'Sync' page. Choose 'OneLogin' from the dropdown next to 'Select synchronization provider'.


Sync Users

Choose 'Yes' from one or both of the dropdown menus, then enter the API credentials you copied in the previous step and select the United States (US) or Europe (EU) endpoint to use.


Enter Client ID and Client Secret in Foxpass


Sync Groups

Select 'Yes' from the 'Group Sync' dropdown and click the 'Sync Now' button. The OneLogin groups will be synced to Foxpass and can be seen on the Groups page.

Sync Groups from OneLogin

Optional: Sync roles instead of groups

You can optionally sync OneLogin Roles instead of OneLogin Groups into Foxpass during group sync. Just check the "Sync OneLogin Roles instead of Groups" checkbox after enabling group sync and you're good to go!

Sync roles

Optional: Enable Allowed Users list via Group Membership

If you have group sync enabled, you can add an allowed users list from specific groups. This is useful for organizations that only want a subset of their directory to have access to Foxpass. Once group sync is enabled, you'll see a field to mark any groups allowed to be synced. During the group sync process, any users that are not a member of one of those groups are automatically marked as "inactive."

Enable Allowed Users list


Optional: Enable Non Allowed Users list via Group Membership

If you have group sync enabled, you can have a list of non-allowed users that belong to specific groups. This is useful for organizations that have a large number of machine or role accounts that don't need access to Foxpass. Once group sync is enabled, you'll see a field to mark any groups to be ignored from syncing. During the group sync process, any users that are a member of one of those groups are automatically marked as "inactive."

Enable Non Allowed Users
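
A dry run of the allowed and non-allowed group rules described above, for checking who would be marked inactive before enabling either list. This is an added example, not Foxpass code: it calls neither Foxpass nor OneLogin, and the input shape, the name preview_inactive and the behaviour when both lists are set are assumptions.

```python
"""Dry-run preview of the two group-membership filters described above.

Added example: models the documented rules only; it does not call Foxpass
or OneLogin. The input shape (email -> set of group names) is an assumption.
"""

# Constructed sample directory export: email -> OneLogin groups (or roles).
SAMPLE_USERS = {
    "alice@example.com": {"Engineering", "VPN"},
    "bob@example.com": {"Sales"},
    "ci-runner@example.com": {"Engineering", "Service Accounts"},
    "carol@example.com": set(),  # no group membership at all
}


def preview_inactive(users, allowed_groups=(), ignored_groups=()):
    """Return {email: reason} for every user the sync would mark inactive.

    allowed_groups: the "Allowed Users" list; empty means the filter is off.
    ignored_groups: the "Non Allowed Users" list; empty means the filter is off.
    Assumption: if both lists are set, failing either rule marks the user inactive.
    """
    allowed, ignored = set(allowed_groups), set(ignored_groups)
    inactive = {}
    for email, groups in sorted(users.items()):
        groups = set(groups)
        hit = sorted(groups & ignored)
        if hit:
            inactive[email] = "member of ignored group: " + ", ".join(hit)
        elif allowed and not (groups & allowed):
            inactive[email] = "not a member of any allowed group"
    return inactive


if __name__ == "__main__":
    for label, kwargs in [
        ("Allowed list = VPN", {"allowed_groups": ["VPN"]}),
        ("Ignored list = Service Accounts", {"ignored_groups": ["Service Accounts"]}),
    ]:
        print(label)
        for email, reason in preview_inactive(SAMPLE_USERS, **kwargs).items():
            print(f"  {email}: {reason}")
```

Note that with an allowed list set, an account with no group membership at all (carol in the sample) is marked inactive as well.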


Optional: Configure subdomains

Foxpass allows you to configure and edit subdomains. Click the 'Edit Subdomains' button and specify subdomains or use wildcard subdomains (e.g., *.domain.com). Foxpass will include users from these subdomains, ensuring comprehensive user synchronization across your organization.

Configure subdomains
