Book a demo

OneLogin with OpenID Connect

Add IAM on the App Settings Page

  1. Navigate to the App Settings page in the Immuta console and click the Add IAM button.

  2. Complete the Display Name field and select OpenID from the Identity Provider Type dropdown.

  3. Adjust Default Permissions granted to users by selecting from the list in this dropdown menu.

Add OpenID Connect in OneLogin

  1. Navigate to OneLogin, click Administration, and then select Applications from the Applications menu.

  2. Click Add App in the top right corner of the screen. Search for and select OpenID Connect (OIDC).

  3. Complete the Display Name field and click Save.

Complete the Configuration

  1. From the Identity and Access Management window in your Immuta tenant, copy the SSO Callback URL to your clipboard.

  2. Return to OneLogin, click the Configuration tab in the left panel, and paste the URL in the Login Url and Redirect URI's fields.

  3. Click Save in the top right corner of this screen.

  4. Click the SSO tab in the left panel of your OneLogin account. Copy the Client ID and the Client Secret and paste these values in the corresponding fields in your Immuta tenant.

  5. Then, right click the Well-known Configuration text from the SSO tab of OneLogin, and copy the link to your clipboard.

  6. Return to your Immuta tenant, and paste this link in the Discover URL field; pasting this link here prevents you from having to manually fill out the rest of the form.

  7. Confirm email as the User ID claim, and fill out the Scopes section.

  8. Return to OneLogin and scroll to the Token Endpoint section. Select POST from the Authentication Method dropdown.

  9. Click Save.

  10. Return to your Immuta console, opt to Enable SSL and Enable SCIM support for OpenID. Validate that the usernames in your IAM match those in your data platform (Snowflake, Databricks, etc.). If they are incorrect in the IAM or the casing doesn't match, fix the data platform username in the identity provider before configuring SCIM in Immuta.

  11. In the Profile Schema section, map attributes in OpenID to automatically fill in a user's Immuta profile. Note: Fields that you specify in this schema will not be editable by users within Immuta.

  12. Opt to Allow Identity Provider Initiated Single Sign On, External Groups and Attributes Endpoint, and Migrate Users.

  13. Click Test Connection. Once the connection is successful, click Test User Login.

  14. Click Save.

PreviousOkta and OpenID ConnectNextSAML

Last updated

Was this helpful?