You can enable your users to sign in to OneLogin using their Google, Facebook, LinkedIn, or Twitter credentials. You, as an admin, simply create a security policy that includes social sign-in and apply that security policy to your users.
Your users then go to their security settings, choose the social providers they want to use, and give OneLogin permission to use those providers. The next time they want to log in to OneLogin, they have the option to sign in using any social provider they have enabled.
For new users, it's even simpler: you add them to a user policy that includes social sign-in, invite them to use OneLogin, and they can sign in to OneLogin using a social provider the very first time they see the OneLogin login screen. They'll never have to create a OneLogin password.
Important! Users cannot use both social sign-in and multi-factor authentication (MFA), like OTP, in the same login session. If users are on a security policy that provides social sign-in and requires MFA, MFA only applies when users choose to log in to OneLogin using their OneLogin username and password.
Note. You must have an Enterprise plan or higher. Contact your OneLogin sales rep to upgrade.
This article covers the following topics:
- Enabling Social Sign-in for Your Users
- Enabling Social Sign-in for Yourself
- Logging in to OneLogin using Social Sign-in
Enabling Social Sign-in for Your Users
- Log in to OneLogin as an admin.
- Go to Settings > Policies.
Click the New User Policy button.
Of course, you can also open an existing user policy and modify it to enable social sign-in as described below.
Name the policy and Enable Social Sign-in.
A list of available social sign-in providers appears; select the providers that you want your users to be able to use.
Important! Users cannot use both social sign-in and multi-factor authentication (MFA), like OTP, in the same login session. You can include both MFA and social sign-in in the same security policy, but if users are on a security policy that provides social sign-in and requires MFA, MFA only applies when users choose to log in to OneLogin using their OneLogin username and password.
For more information, see User Policies.
- Click Save.
Assign the user policy to your users.
You can assign a policy to users in two ways:
- Groups - Assign the policy to a group and then add users to the group, associating the policy to all users who are a member of the group. For more information, see Groups.
- Manually - Add the policy to the user directly in the User Security Policy drop-down on the Authentication tab in the user record. This overrides any group policies applied to the user. For more information, see User Policies.
For new users, send a new user invitation.
When users follow the link in the invitation, they will see the social login options on the login page.
They can skip password selection and just log in by clicking a social sign-in provider icon. They will be prompted for their social sign-in provider credentials and redirected to the OneLogin portal.
Give your existing users the instructions in Enabling Social Sign-in for Yourself.
The existing users who have been assigned the social sign-in enabled user policy must go to their Security page and choose the social sign-in providers they want to use. They can then log in using those social sign-in providers whenever they want.
Tip. To view the social sign-in providers that a user has enabled, go to Users > All Users, select the user, and go to the User Info page:
Enabling Social Sign-in for Yourself
Before you can log in using the social sign-in providers that your OneLogin admin has made available to you, you must log in to OneLogin using your OneLogin credentials (usually company email and password) and enable social sign-in for the providers you want to use.
Note. Once your OneLogin admin enables social sign-in for your company, the social sign-in icons will appear on your OneLogin login page, even if you haven't enabled them for yourself yet. If you try to log in using social sign-in before you follow the procedures described below, you'll see an error message telling you that you can't.
- Log in to OneLogin using your OneLogin user name and password.
Click the user icon in the upper right of the toolbar to access your user menu, and select Security.
On the Security page, click Connect for each social sign-in provider you want to use to log in to OneLogin.
You will only see the social providers made available to you by your OneLogin admin.
For each social sign-in provider that you connect to, you will be prompted to sign in to your provider and give OneLogin access to the basic user data it needs to authenticate you.
After authorizing each social sign-in provider, you will be returned to your OneLogin portal ("App Home"). You must return to the Security page to connect to additional social sign-in providers.
When you have succeeded in connecting to a social sign-in provider, the Security page will display your social sign-in provider user account.
If you want disable your access to a social sign-in provider, click Revoke.
You are now ready to log in to OneLogin using your social sign-in provider credentials.
Logging in to OneLogin using Social Sign-in
To log in to OneLogin using your social sign-in provider credentials, simply click the icon of the social sign-in provider you want to use. In the example below, the user has the option to use Google, Facebook, LinkedIn, or Twitter to log in.
Enter your social sign-in username and password, and you'll be logged in to OneLogin.