Set up the OneLogin Sync integration

Learn how to set up the OneLogin Sync integration in MRI OnLocation. You need the Account Owner or IT Support user role to set up the integration.

In OneLogin

Step 1: Create a read-only pair

Before you can connect OneLogin with OnLocation, you must set up a read-only API credential pair in OneLogin. This will give OnLocation the ability to access your information in OneLogin.

Make a note of your client secret and client ID, you will need to enter these details in OnLocation.

The instructions are outlined on the OneLogin Developer website.

Step 2: Set up a role for OnLocation users

If only a portion of your users will be synced with OnLocation, set up a role for the users who will be included in the import.

The instructions are outlined in the OneLogin Knowledge Base.

In OnLocation

Step 1: Enable the integration in OnLocation

  1. Go to Tools > Account.
  2. Select Integrations from the left-hand menu.
  3. Click OneLogin Sync.
  4. Click Enable, then click Confirm.

    OnLoginSync-Enable.png

Step 2: Add your OneLogin API credentials

  1. In the Enabled Integrations tab, click Manage Settings.

    OnLoginSync-Manage-Settings.png
  2. Click Credentials.

    OnLoginSync-credentials.png
  3. Select your OneLogin Region: US or EU.
  4. Enter your client ID and client secret from OneLogin.

    OnLoginSync-credentials-test.png
  5. Click Test.
  6. Click Save.

Step 3: Configure your sync settings

  1. In the OneLogin Sync integration screen, click Settings.

    OnLoginSync-settings.png
  2. Select your import mode:

    Do not import anything (Dry Run) – Test your sync without importing any information. You will be able to see what the results would look like without actually changing any employee information in OnLocation.

    Import new items, ignore existing – Any employees that are in OneLogin but not OnLocation will be imported. No existing employees will be edited.

    Update existing items, do not import new – Any employees that have been edited in OneLogin will be updated in OnLocation. No new employees will be imported.

    Update existing items and import new (ALL) – Any employees that have been added or edited in OneLogin will be added or edited in OnLocation.
  3. Choose your new employee policy. This determines if a new employee that has been added through the sync with OneLogin can log into OnLocation.

    Manual Activation
    – the administrators of your account will manually control who can log into OnLocation.

    Automatic Activation – this will automatically send an OnLocation login permission email to the new user.
  4. Select Yes next to Prune Import if you’d like to delete employees from OnLocation that are no longer in OneLogin.
  5. In the Import Users field, choose All or Single Role.
  6. In the Role to sync field, select All or Single Role. If you select Single Role, you'll then need to choose the role you've added in OnLogin. 
  7. In the Sync schedule field, choose when you’d like the daily sync with OneLogin to occur.
  8. Click Save.

    OnLoginSync-settings-sync.png

Step 4: Add sync rules

Sync rules are used to manage the import of data into OnLocation. They can be used to exclude people, add additional settings based on sync information, and result in information updates. Along with specific rules, you can create rule groups to apply rules to a group of people with specific attributes.

In the OneLogin Sync integration screen, click Sync rules.

OnLoginSync-sync-rules.png

Learn more about the types of rules you can set up. 

Step 5: Run the first sync

  1. In the OneLogin Sync screen, click Sync Now.

    OnLoginSync-sync-now.png
  2. Once it’s finished, click View to check that the records have imported as expected.

    OnLoginSync-sync-view.png
  3. (Optional) If there are errors, click the number in the error column, check the error message. 

    OnLoginSync-sync-log.png
  4. Make any required updates in OneLogin, then run the sync in OnLocation again.