Introduction

Setup OneLogin as an OAuth Provider

• First of all, go to https://app.onelogin.com/login and log into your Onelogin account.
• Click on Administration.
  

 

1. You will be presented with the following screen. Hover on Applications and then click on Applications below.
   

 

•  Click on the Add App Button.
  

• You will be shown a search list. Search for OIDC (OpenID Connect) and click on the search result as shown below.
  

• Then, you will be shown a configuration screen. Fill in the Display Name and other details as required, then click on Save.

• You will be redirected to the app details page. Go to the Configuration tab and enter the Redirect URI’s from Thinfinity VirtualUI OAuth/OpenID Connect plugin in the form https://<virtualui-server-url>:<port>/OneLogin and click on Save.
  

• Now, go to the SSO tab. There you will find the Client ID and Client Secret fields. Copy these credentials for later use in Thinfinity VirtualUI OAuth/OpenID Connect Plugin configuration on corresponding fields.
• Make sure to change the Token Endpoint configuration to POST too, then Save.

Assign Users to OneLogin SSO Application

• Hover on the Users tab and click on the Users option from the menu.
  

• You will see the list of users available on your OneLogin platform. Select the user you want to give access to your application.
  

• Now for that user, go to the Applications tab from the left menu and click on the blue + icon to add the application.
  

• Select the application from the drop down list for which you want to allow SSO for that user and click on Continue.
  

• Complete the configurations and click on the Save button.
  

• The application will be listed in the user profile as shown in the image below and now this user can SSO into Thinfinity VirtualUI using his OneLogin credentials for this application.
  

Configure OneLogin into Thinfinity VirtualUI

For OneLogin SSO authentication to work, the binding must be HTTPS (SSL). To know more check  How to Install an SSL Certificate in Thinfinity VirtualUI.

• First, you should open the Thinfinity VirtualUI Server Manager and go to the Authentication tab, click the Add button then select Oauth2.0 > Other.

You must disable the Allow anonymous access option.

• Once the Oauth method has been added, type the Name and Virtual Path of the Authentication Method. Then, on the General tab, fill in the ClientID and Client Secret fields with the credentials you copied earlier in OneLogin setup.
  

• Now, on the Server tab, fill in the details we've seen in previous steps, as shown in the example below.
  

• After you have filled in the details, the next step is to go to the Mappings tab on the Authentication tab of Thinfinity VirtualUI Server Manager, and map the OneLogin user to a user on your network.
  
• Start by clicking Add, and enter the OneLogin ID Mask, then click OK.
  

• Next, while we have selected the OneLogin user we just added, click Add on Associated Permissions and select the user on your network to whom you want to assign the OneLogin credentials.
• When finished, click Apply.
  

Conclusion