OneLogin Configuration

Background

Twingate integrates with OneLogin in order to both synchronize user accounts and delegate user authentication to OneLogin. Only users that are assigned to the OneLogin Twingate application will be able to use Twingate and access private resources.

Twingate delegates the following functions to OneLogin via the OneLogin Twingate application:

  • User authentication via OpenID Connect
  • User and group synchronization via SCIM

When activating your Twingate account with OneLogin, you will need to set up an Authentication Policy with the credentials from the OneLogin Twingate application. You can configure what OneLogin security policies apply to users of the Twingate client application via this OneLogin Twingate application.

Steps to configure the OneLogin Twingate integration

  • Create and configure the Twingate application in the OneLogin Admin console
  • Complete and validate the integration configuration in the Twingate Admin console

Supported Features

Currently we support Service Provider Initiated (SP-Initiated) SSO via OpenID Connect (OIDC), and SCIM for user and group sync.

Requirements

  • OneLogin OIDC integration is supported for Twingate customers on the Business and Enterprise plans.
  • User synchronization uses SCIM, which requires OneLogin’s Unlimited Plan. See OneLogin’s documentation for more details.

Setting up the OneLogin Twingate application

1. Under the Applications page, click on Add App at the to right corner.

2. Search for Twingate, and then select the Twingate application.

3. We recommend that you disable the “Visible in portal” toggle (shown below) to hide Twingate in your users’ OneLogin portal. This is because users can only authenticate when starting their session directly from the Twingate Client application on their device.

Then click Save.

4. Assign access to the Twingate application using OneLogin roles.

Completing the OneLogin integration in Twingate

When activating the OneLogin integration in the Twingate Admin console, you will be presented with the screen below.

  • For the OneLogin Subdomain, you can inspect the URL you use to access the OneLogin Admin Dashboard. Alternatively, in the OneLogin Admin Dashboard, navigate to the Settings > Branding page. Under the Brand section, you will see your OneLogin subdomain.
  • For the Client ID and Client Secret, copy these values from the SSO tab of the Twingate application you created in OneLogin.

In Twingate, you’ll be asked to sign in with OneLogin to make sure the credentials are entered correctly. Follow the wizard to complete the activation of the OneLogin integration.

Configuring SCIM for user & group synchronization

Complete the configuration process by setting up SCIM for user and group sync between OneLogin and Twingate.

→ Configure SCIM for user & group sync

Last updated 13 days ago