Back to Integrations

OneLogin Integration

Integrate TigerAccess with OneLogin for unified access management, single sign-on, automated provisioning, and streamlined identity lifecycle management.

View DocumentationRequest Demo
Features

Complete OneLogin Integration

Leverage OneLogin's identity platform for seamless infrastructure access management.

Enterprise SSO

SAML 2.0 and OIDC single sign-on with OneLogin for seamless authentication to all infrastructure resources.

SCIM Provisioning

Automated user provisioning and deprovisioning with SCIM 2.0 for real-time identity synchronization.

Directory Sync

Continuous directory synchronization with OneLogin for up-to-date user attributes, groups, and roles.

Smart Hooks

Leverage OneLogin Smart Hooks for custom authentication workflows and dynamic access policies.

Capabilities

Enterprise-Grade OneLogin Integration

SAML 2.0 SSO integration
OIDC authentication support
SCIM 2.0 user provisioning
Automated user deprovisioning
Group-based role mapping
MFA policy enforcement
Smart Hooks integration
Directory attribute sync
Nested group support
Session policy inheritance
Custom claim mapping
Multi-factor authentication
Setup

Get Started in Minutes

Follow these simple steps to integrate TigerAccess with OneLogin.

1

Configure OneLogin Application

Create a new SAML 2.0 application in OneLogin for TigerAccess and configure the SSO settings.

# OneLogin SAML Configuration
ACS URL: https://tigeraccess.example.com/v1/webapi/saml/acs
Entity ID: https://tigeraccess.example.com
Issuer: https://app.onelogin.com/saml/metadata/<app-id>

# SAML Attributes
email: Email
username: Username
groups: Member Of
2

Add OneLogin Connector

Configure the OneLogin integration in TigerAccess with your OneLogin subdomain and API credentials.

tacctl sso configure oidc onelogin \
  --issuer-url=https://mycompany.onelogin.com/oidc/2 \
  --client-id=<client-id> \
  --client-secret=<client-secret> \
  --redirect-url=https://tigeraccess.example.com/v1/webapi/oidc/callback

# Enable SCIM provisioning
tacctl integrations add onelogin \
  --scim-token=<scim-token> \
  --subdomain=mycompany \
  --region=us
3

Configure Role Mapping

Map OneLogin groups to TigerAccess roles for automatic permission assignment.

# Create role mapping configuration
tacctl sso set-role-mapping \
  --connector=onelogin \
  --mapping='{"Engineering":"access,ssh-users","SRE":"access,admin"}'

# Verify sync status
tacctl integrations status onelogin
# ✓ Users synced: 150
# ✓ Groups synced: 12
# ✓ Last sync: 2 minutes ago
Use Cases

Real-World OneLogin Scenarios

Automated User Lifecycle

Automatically provision and deprovision users in TigerAccess when they join or leave your organization in OneLogin, ensuring access is always current.

Group-Based Access Control

Map OneLogin groups to TigerAccess roles for automatic permission assignment. Users inherit infrastructure access based on their OneLogin group membership.

MFA for Privileged Access

Enforce multi-factor authentication through OneLogin for all privileged infrastructure access with support for various MFA methods.

Custom Authentication Flows

Use OneLogin Smart Hooks to implement custom authentication logic, risk-based access decisions, and dynamic permission grants.

FAQ

Frequently Asked Questions

How does SCIM provisioning work with OneLogin?

TigerAccess implements SCIM 2.0 protocol for real-time user provisioning. When users are added, updated, or removed in OneLogin, changes are automatically pushed to TigerAccess. This includes user attributes, group memberships, and status changes, ensuring access is always synchronized.

Can I use OneLogin MFA with TigerAccess?

Yes. When using OneLogin for SSO, all OneLogin MFA policies apply to TigerAccess authentication. This includes OneLogin Protect, SMS, TOTP, and hardware tokens. Users authenticate once with OneLogin MFA and receive short-lived TigerAccess certificates.

What are OneLogin Smart Hooks and how do they work with TigerAccess?

OneLogin Smart Hooks are serverless functions that execute during authentication flows. You can use them to implement custom logic like risk scoring, conditional access, or dynamic role assignment. TigerAccess respects claims and attributes set by Smart Hooks for access decisions.

How are nested groups handled in OneLogin integration?

TigerAccess supports nested OneLogin groups. When syncing, all parent and child group memberships are resolved, and users inherit roles from all groups they belong to, directly or indirectly. This enables hierarchical access control structures.

Can I use both SAML and OIDC with OneLogin?

Yes. TigerAccess supports both SAML 2.0 and OIDC for OneLogin integration. OIDC is recommended for modern deployments as it provides better support for programmatic access and API integrations, while SAML is ideal for traditional web-based SSO.

Ready to Secure Your Infrastructure?

Join thousands of security-conscious teams using TigerAccess to protect their critical infrastructure and AI agents.

Start Free TrialContact Sales

No credit card required • 14-day free trial • Enterprise support available