A number of account-level settings are available for configuration only by the Account Owner. These settings determine broad-based account policies that are unlikely to change with any regularity. They should be configured when you initially implement OneLogin for your organization.
To access Account Settings, log in as an Account Owner and go to Settings > Account Settings.
The Basic tab includes settings that affect how the end-user engages with their personal account, applications, and the OneLogin portal. It also includes settings that determine some admin-level privileges.
Personal Applications - Enable to allow your users access to personal applications that they add on their own to their OneLogin portal. Typically social media apps fall under this category, but the user can add any app to their Personal Apps for quick and simple login. Administators cannot view or manage these apps.
Private Applications Catalog - Enable to allow your users the ability to request access to applications that are already configured for use within your organization but that may not be included in Roles that the user is assigned to. Note: This is a preview feature that is currently available to admins only.
Password Controls - These settings control how your organization and its users handle passwords.
Important! Some of these options are enabled by default. You can disable them, but to re-enable them, you must send an official request to OneLogin Support.
Admin password reveal: Enabled by default. Allows admins to view users' application passwords for "company apps" that use form-based authentication. This option does not allow admins to see passwords for "personal apps."
Enable password mapping: By caching encrypted passwords in OneLogin's database, OneLogin can use these passwords (AD Passwords, for instance) to provide access to apps for sign-in or provisioning purposes.
This option must be enabled if you want to use OneLogin SSO passwords as the app password for apps that support SSO password mapping, such as Google Apps and Salesforce. If you enable this option and set the Password parameter to SSO password on the Parameters page for the app, users' app credentials will change every time their OneLogin SSO credentials change. You must also Enable directory fallback password cache to enable SSO password mapping, and it is recommended that you enable SSO password prompt.
For Desktop SSO, the user must log in at least once into their onelogin account in order for the password to be cached, because Desktop SSO relies on a token and not the actual password.
SSO password prompt: If an application is using the password mapping feature, the application will detect when a user's password is out of sync with the directory, prompt the user for their password, and then cache it.
Enable directory fallback password cache: Enabled by default. Allows OneLogin to authenticate a user based upon a cached hash of the last successful password in the event of lost communication between OneLogin and the third-party directory.
Logout URL - Specifies a global custom logout destination for any user logging out of their account.
SAML Apps - Disable to force the SAML Name ID to be populated through mappings or by merely the default value.
Assuming Users - Enables account admins and OneLogin support team members to view end-user accounts through the 'eyes' of the user. It allows quick diagnosis and solution of potential problems as well as a more effective troubleshooting workflow.
OpenID - Enable to allow the use of OpenID for users, which is another method of authentication for each individual user identity.
Force Tabs - Enable to force all users to have their different collections of apps organized into tabs, instead of the default organizational method which is to have them all on the same page.
Secure Notes - Enable to allow your users to create and access secure notes. For more information, see Secure Notes.
Framing Protection - Enable to prevent the embedding of your OneLogin dashboard into other websites.
Deactivate Account - Deactivate your OneLogin account.
Using the power of Twilio, OneLogin can allow for self-service password reset by sending a new temporary password to the end-user's mobile device. For more information, see SMS Password Reset.
OneLogin supports a substantial level of localization in a variety of languages. Be aware that this only affects end-users, while the administrator portal remains largely in English. For the configuration process and more details about what localization does, see Configuring Localization.
While most notification configuration happens on the Activity > Notifications page and the Settings > Branding page, you can use this tab to provide a list of email addresses for the people who should receive security-related notifications from OneLogin. In the Security contact email list, enter as many email addresses as you like, separated by commas.