OneLogin Desktop for Mac enables you to log in to your Mac using OneLogin credentials and a certificate installed in your keychain to provide authentication to access your OneLogin portal page and SSO-enabled apps. In other words, you log in once to your Mac and go straight to your OneLogin portal or your SSO-enabled apps without providing credentials again.
To get started with OneLogin Desktop, run an installer on your Mac that automatically enables an existing local user account to use your OneLogin credentials or creates a new user account that can use them.
This article is intended for "end users." It includes the following topics:
- System requirements
- Install OneLogin Desktop for Mac Full
- Tray App
- Upgrade your OneLogin Desktop account
- Use your new user account for the first time
- Changing your password
For administrator documentation, see Manage Macs Using OneLogin Desktop.
- Mac OS X 10.11+
- Macs can't join an Active Directory domain.
- If you enable OneLogin Desktop for an existing account on your Mac, that account can't be associated with iCloud.
- Browsers: Chrome or Safari are required to use the certificate to provide access to the OneLogin portal or SSO-enabled apps without having to reauthenticate.
Configure your Mac to support OneLogin Desktop for Mac
Log in to your Mac using an account with administrator privileges for the machine.
Log out of any other accounts running on your Mac.
Open a browser and log in to OneLogin.
Go to your user Profile page.
On the Profile page's Security tab (which opens by default), go to the OneLogin Desktop for Mac section and click the Download link to get the installer.
Double-click the downloaded OneLogin Desktop installer file.
A new Finder window opens, displaying the OneLogin app and the Uninstaller.
Open the OneLogin app.
If you see the message, "OneLogin.app can't be opened because it is from an unidentified developer," click OK and go to System Preferences > Security & Privacy to allow OneLogin.app to be opened.
On the General tab, click Open Anyway.
When the installer launches, Requirements for OneLogin Desktop Installation appears.
If you meet all of the installation requirements--your battery is charged at least 10% or your computer is plugged in, and you are connected to the internet--click the Continue button.
If you fail to meet one of the requirements, a yellow exclamation point displays next to the unmet requirement. If you're internet is disconnected or you don't have sufficient power (your computer isn't plugged in or you don't have at least 10% battery life), then the Continue button is grayed out.
You must resolve the missing requirement. Don't cancel and rerun the installer if you can remedy the missing requirement while the installer is running.
Note: The power requirement exists to protect you from an incomplete installation.
Note: Logging is turned on by default. You can turn it off at any time by clearing the Turn on Logging checkbox, but logging can help your admin if you run into issues during installation.
On the OneLogin Desktop Terms of Service page, scroll to the bottom of the terms (oh yeah, and read them), then click the I agree button.
When the welcome screen appears, click Start.
At the helper tool prompt, provide the password of the admin account you are logged in as and click Install Helper.
On the Select Installation Type page, choose Basic or Full install.
- Select Full and click Next.
Enter your domain (the "yourcompany" part of
yourcompany.onelogin.com) and click Next.
The next screen displays your company's OneLogin login screen; enter your OneLogin username and password and click Log In.
Select the Mac account that you want to enable for OneLogin Desktop, and click Next.
From the drop-down, you can:
Select an existing OneLogin Desktop account, which upgrades OneLogin Desktop for that account.
Select an existing user account on your Mac, which enables that account for OneLogin Desktop for the first time.
Create a new account and enable it for OneLogin Desktop.
If you have a OneLogin Desktop account on your Mac, you can't create a new account, but you can enable a different existing account as your OneLogin Desktop account.
Important! If you enable an existing account, it cannot use iCloud keychain. If you want to enable OneLogin Desktop for an account that uses iCloud keychain, exit the installer and disable iCloud keychain before rerunning the installer.
Important! If you have only one admin account on your Mac, do not enable it for OneLogin Desktop. Your Mac should always have a local admin account that is not enabled for OneLogin Desktop.
Enter the password of the user account that you enabled for OneLogin Desktop, and click Next.
If your computer uses FileVault for disk encryption, the installer prompts you to enter the FileVault password.
This is usually the password for your current user account. Enter it and click Next.
Once the installation completes, you're prompted with the message that indicates successful installation, click Done.
- Please proceed to log off from the profile and log back in with your OneLogin credential to complete the Keychain password sync.
The OneLogin Desktop Full provides a Tray app that enables users to generate a new certificate if the previous one has expired.
The Tray app icon is located near the status menu, on the menu bar, and looks like this:
Click on the icon to open the Tray app.
To generate a new certificate, click Generate new certificate.
Once you click this, a confirmation screen appears.
Use your OneLogin Desktop user account for the first time
Log in to the OneLogin Desktop account using your OneLogin password.
If you enabled OneLogin Desktop for an existing local account, the account name will be unchanged.
If you created a new account when you installed OneLogin Desktop, the account name will be your OneLogin user name (usually your email).
Note. We recommend that you log in to the OneLogin Desktop user account before you restart. If, however, you restart your Mac before you log in to your OneLogin Desktop user account for the first time, be aware that FileVault will continue to want your old local account password. Assuming that your Mac uses FileVault, you'll see the login screen twice. Enter the old password on the first login screen. FileVault will run for 10-20 seconds, decrypting your disk, and then the operating system will display the login screen again. Enter the OneLogin password. On subsequent logins, the FileVault and OS passwords will both be your OneLogin password, and you'll just see one login screen, just as you expect. Note that if you log in to your Mac immediately after you install OneLogin Desktop, without restarting, the login process will use your OneLogin credentials from the get-go.
You'll be prompted to sign in to iCloud; you can skip this.
If your admin has given you the ability to skip OneLogin browser authentication when you're logged in to your Mac with your OneLogin credentials, open your browser and go to your OneLogin portal.
The first time you try to authenticate to OneLogin from your browser (whether you are logging in to your OneLogin portal or trying to access an app through OneLogin SSO), you will be prompted to Log in with OneLogin Desktop or accept the OneLogin certificate that was installed, depending on your browser.
In Safari, enter your credentials on the OneLogin login page and click Log in with OneLogin Desktop.
Note. You should only have to click this link once; however, if you clear your browser cache, you will be prompted again.
Note. If you have locally-installed clients (like Slack or RingCentral, for example) that use OneLogin for authentication, Safari can perform a little magic for you that Chrome can't: after you log in to your OneLogin portal using Safari and and click Log in with OneLogin Desktop, Safari will tell Mac OS X that the OneLogin Desktop certificate can be used for local apps that use OneLogin for authentication. It doesn't work for every one of your OneLogin-authenticated desktop apps, but it does work for some.
In Chrome, you will be prompted to select the specific certificate installed by OneLogin Desktop. Select it and click OK.
Note. In Chrome, you will be prompted to accept the certificate each time you restart your browser or clear your browser cache.
Firefox does not allow certificates to be used to authenticate to a third-party like OneLogin; therefore it does not support browser SSO bypass in this release. You must provide your OneLogin authentication credentials in the browser when you access the OneLogin portal login page or apps that use OneLogin SSO.
Change your password
You cannot change your password on your Mac. You must change it using OneLogin.
To change your password:
Open a browser and log in to your OneLogin portal.
Go to your user Profile page.
Select Change Password.
Enter your current password and your new password
Log out of your Mac.
When you log back in, use your new password.