Sync With OneLogin

This guide describes how to set up Foxpass to delegate password verification to OneLogin.

1. Create a "Read Users" API Credential Pair

In OneLogin, go to Developers > API Credentials > New Credential. Enter a credential name, for example "Foxpass", and click Save.
Follow the instructions here to create a "Read Users" API credential pair:
https://developers.onelogin.com/api-docs/1/getting-started/working-with-api-credentials

Create API credential pair

Copy client secret and client id

Copy down the "Client ID" and "Client Secret". Click Done.

2. Enter your Credential Pair into Foxpass

Go to the Foxpass 'Sync' page. Click on the "OneLogin" tab. Choose 'Yes' from one or both of the dropdown menus, then enter the API credentials you copied in the previous step and select the United States (US) or Europe (EU) endpoint to use.

Enter Client ID and Client Secret in Foxpass

3. (Optional) Sync Roles instead of Groups

You can optionally sync OneLogin Roles instead of OneLogin Groups into Foxpass during group sync. Just check the "Sync OneLogin Roles instead of Groups" checkbox after enabling group sync and you're good to go!

Optional: Enable Group Sync Allowed list

If you have group sync enabled, you can define an allowed list of groups to import during sync. This is useful for organizations that only want to import a subset of their groups for use in Foxpass. Once group sync is enabled, you'll see a field for adding group prefixes to the allowed list. During the group sync process, any groups that do not begin with one of those prefixes are not synced with Foxpass.

Optional: Enable Allowed User list via Group Membership

If you have group sync enabled, you can add allowed users that belong to specific groups. This is useful for organizations that only want a subset of their directory to have access to Foxpass. Once group sync is enabled, you'll see a field to mark any groups which are allowed. During the group sync process, any users that are not a member of one of those groups are automatically marked as "inactive."

Optional: Enable Non Allowed User list via Group Membership

If you have group sync enabled, you can define a list of non-allowed users based on membership in specific groups. This is useful for organizations that have a large number of machine or role accounts that don't need access to Foxpass. Once group sync is enabled, you'll see a field to mark any groups to be ignored during sync. During the group sync process, any users that are a member of one of those groups are automatically marked as "inactive."
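To preview what the three optional filters above would do before enabling them, the sketch below applies the rules as this guide words them to a directory export. It is an added example, not Foxpass code: the function name `preview_sync`, the sample directory, and the choice to apply each rule independently against the user's directory group membership are assumptions.

```python
# Added example: a model of the filter rules as worded in this guide,
# not Foxpass code. Directory data below is constructed.

def preview_sync(groups, users, prefixes=(), allowed=(), ignored=()):
    """Return (synced_groups, status_by_user, overlap_users).

    groups:   iterable of group names from the directory
    users:    dict of username -> set of group names
    prefixes: group-name prefixes for the group allowed list
    allowed:  groups whose members are allowed users
    ignored:  groups whose members are non-allowed users
    An empty filter means that filter is not configured.
    """
    prefixes, allowed, ignored = tuple(prefixes), set(allowed), set(ignored)
    # Group allowed list: groups that do not begin with a prefix are not synced.
    synced = sorted(g for g in groups if not prefixes or g.startswith(prefixes))
    status, overlap = {}, []
    for name, member_of in sorted(users.items()):
        in_allowed = bool(member_of & allowed)
        in_ignored = bool(member_of & ignored)
        # Assumption: each rule is applied independently, as the guide words it.
        inactive = (bool(allowed) and not in_allowed) or in_ignored
        status[name] = "inactive" if inactive else "active"
        if in_allowed and in_ignored:
            overlap.append(name)  # in both lists: review before enabling
    return synced, status, overlap

# Constructed sample directory.
GROUPS = ["fp-engineering", "fp-ops", "marketing", "svc-accounts"]
USERS = {
    "alice": {"fp-engineering"},
    "bob": {"marketing"},
    "ci-bot": {"fp-ops", "svc-accounts"},
    "dana": {"fp-ops"},
}

if __name__ == "__main__":
    synced, status, overlap = preview_sync(
        GROUPS, USERS, prefixes=["fp-"],
        allowed=["fp-engineering", "fp-ops"], ignored=["svc-accounts"])
    print("synced groups:", synced)
    for name, state in status.items():
        print(f"{name:8} {state}")
    print("in both allowed and ignored groups:", overlap)
```

Users reported in the overlap list belong to both an allowed and an ignored group; this guide does not state how that case is resolved, so confirm those accounts end up in the intended state after the first sync.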