In form-based authentication, a user is presented with an editable form to fill in and submit in order to log into an app. OneLogin handles apps that require form-based authentication by taking a stored, encrypted login and password and automatically injecting them into an application's login page, filling out the form, and logging that user in. This enables OneLogin to provide single sign-on access to applications that have not adopted SAML, which is token-based, or those that do not have an API interface.
All form-based OneLogin apps require users to have the OneLogin browser extension installed.
OneLogin administrators have flexibility in determining how a user's credentials are entered for form-based applications: Configured by end-users, Configured by admin, and Configured by admin and shared by all users.
Configured by end-users allows users to input their own credentials the first time they sign into the application. These will be securely stored by OneLogin and auto-injected into the sign-in page by the OneLogin browser extension every time they access that app. For this configuration, end-users will enter their username and password for the application.
Configured by admin allows the account administrator to set each user's credentials individually. This can be done manually on a per-user basis, or automatically by mapping the application field-values in the connector to corresponding user attributes. For this configuration, end-users will only enter their password for the application.
Configured by admin and shared by all users allows the account administrator to configure a single set of application credentials that will be used by every user accessing the application. A sample use-case is a single set of credentials to a company Twitter account that will be used by a group of users. For this configuration, administrators will enter the username and password for the application.