OneLogin Support
Thomas Pedersen Jul 03 • Announcements
We have just released the OneLogin extension for Safari 5. Besides being compatible with Safari 5, the new extension is also completely Javascript-based, which means it's more lightweight, more robust and simply easier to deal with in all aspects.
Uninstall old OneLogin extension
If you are using old OneLogin extension, you should uninstall it before proceeding. Using the Finder, go to /Applications/OneLogin and run Uninstall.
Upgrade to Safari 5
If you have not already upgraded to Safari 5, you can do so via Software Update in Mac OS X or by downloading it directly from Apple.
Install new OneLogin extension
To install the new extension, simply go to onelogin.com/downloads and download it.
Thomas Pedersen May 28 • 1 • Tips & Tricks
Most of us like to use the fewest clicks possible to reach any particular application. Google Apps for Domains acts as umbrella for Mail, Docs, Calendar and Sites as well as any apps you have added from Google Apps Marketplace.
When you use SAML to log into Google Apps for Domains, you can still link directly to the underlying apps and it works very well with OneLogin. The URLs are going to look something like this:
https://mail.google.com/a/mycompany.com/?tab=om#inbox
https://www.google.com/calendar/hosted/mycompany.com/render?tab=oc&...
https://docs.google.com/a/mycompany.com/?tab=mo&AuthEventSource...
Once you have logged into Google Apps, go to Mail, Docs, Calendar, Sites and add bookmarks for them in your browser's bookmarks bar. Now, if you click on any of those links, you will be taken directly to them. If you are not already logged into Google Apps, OneLogin will log you in automatically. And if you're not logged into OneLogin either, you will be taken directly to the link you clicked after you have logged in.
Thomas Pedersen May 15 • 1 • Documentation
Policies allow you to define OneLogin password requirements and IP address restrictions at different levels in your account. You can define as many policies as you want and apply them to specific groups or individual users. The default policy will apply for any user that has no user or group policy.
A policy has the following settings:
- User passwords expire in – the number of days between forced OneLogin password changes
- Enforce password history – allows you to prevent users from reusing old OneLogin passwords
- Minimum password length – the minimum required length of OneLogin passwords
- Password complexity requirement – defines the minimum required password complexity, e.g. alphanumeric and special characters
- Maximum invalid login attemps – maximum consecutive failed login attemps before account is locked
- Lock effective period – number of minutes a user's login is locked after failed login
- IP address restrictions – allows you to restrict access to individual IP addresses
Thomas Pedersen Apr 24 • API
OneLogin provides several convenient URLs that can be used for triggering single sign-on from locations other than OneLogin's dashboard. For example, if you want to provide convenient links to some of your company's apps on your intranet, you could do it like this:
<a href="https://app.onelogin.com/launch/salesforce">Salesforce.com</a>
<a href="https://app.onelogin.com/launch/zendesk">Zendesk</a>
<a href="https://app.onelogin.com/launch/21432">Twitter-marketing</a>
<a href="https://app.onelogin.com/launch/23145">Twitter-support</a>
When a user clicks on any of the links, they will be redirected to OneLogin and, if they have an active OneLogin, logged into the application. If the user does not have an active session, the login will be performed after the user has been authenticated. Users may be authenticated by OneLogin automatically if integration with Active Directory or LDAP has been enabled.
Launch a specific app
The URL below will initiate single sign-on for the app with ID <app-id>. The app must belong to the user's account and the user must have an active login entry for the app.
https://app.onelogin.com/launch/<app-id>;
Launch a generic app
The URL below will log the user into the app with shortname <app-shortname>. If there is more than one app available with this shortname available to the user, (e.g. two WordPress accounts), the user be redirected to the dashboard.
https://app.onelogin.com/launch/<app-shortname>;
Thomas Pedersen Apr 22 • 1 • Announcements
Today's upgrade contains three major new features that we are very excited about.
- Support for VeriSign VIP Access Identity Protection
- Multiple roles per user
- Synchronization with Google Apps users
Let's dig in.
VeriSign VIP Access
In addition to Yubico's YubiKey, we now also support VeriSign's VIP Access, which let's you generate a one-time password using your mobile phone. VIP Access supports hundreds of different phone models including iPhone, Android, BlackBerry and Windows Mobile phones.
VeriSign VIP Access is great for mobile users or if you need two-factor authentication via a computer that doesn't have a USB port, such as an Apple iPad.
The use of VeriSign VIP Access is provided free of charge for users on our paid plan.
Multiple Roles per User
This is by far the most requested feature by our users and now it's finally here. WIth multiple roles per user you can now break your roles down into smaller and more manageable entities and create layers of apps. Consider the following roles:
- Employee: Google Apps, PBworks
- Salesperson: Salesforce.com, PivotLink
- Support: Zendesk, GetSatisfaction, CoTweet
- Marketing: HubSpot, Google Analytics
The employee apps are used by everyone, but we have different roles for different departments. This setup will allow you to allocate apps to users the following way:
- Amanda: Employee, Marketing - Google Apps, PBworks, HubSpot, Google Analytics
- Peter: Employee, Salesperson - Google Apps, PBworks, Salesforce, PivotLink
- Hannah: Employee, Salesperson - Google Apps, PBworks, Salesforce, PivotLink
- Mark: Employee, Support - Google Apps, PBworks, Zendesk, GetSatisfaction, CoTweet
- Joe: Employee, Support - Google Apps, PBworks, Zendesk, GetSatisfaction, CoTweet
You can even have overlapping roles, i.e. a user can have two roles with the same app. OneLogin will automatically figure out when to grant or revoke the app. Read more about roles here.
Google Apps User Synchronization