Integrate OneLogin with ZTP using OIDC

Prerequisites

This integration requires the following:

  • A OneLogin account with admin credentials

  • An active ZTP account, accessible using the Bootstrap Identity provided by AppGate

  • A test user account on OneLogin with at least the following attributes configured:

    • email, for example: joe.smith@mycompany.com

    • firstName, for example: Joe

    • lastName, for example: Smith

Step 1: Add a new custom connector in OneLogin

  1. In your OneLogin console, go to Applications > Custom Connectors.

  2. Click New Connector.

  3. Complete the connector configuration using the following values:

| Field | Value |
| --- | --- |
| Name | AppGate ZTP |
| Sign on method | Select Open ID Connect |
| Redirect URI | Enter your ZTP account’s main page URL, for example: https://01010.appgate.net |
| Post logout redirect URI | Enter a placeholder URL, for example: https://example.com. You will replace this value after completing the ZTP configuration form. |
| Login URL | Enter your ZTP account’s main page URL, for example: https://01010.appgate.net |

  4. Leave all other fields at their default values and click Save.

  5. In the More Actions drop-down menu on the right, select Add App to Connector.

  6. Enter a display name, for example: AppGate ZTP, and click Save.

Step 2: Configure the application

  1. In the left menu, select SSO and go to the Token Endpoint section.

  2. Set Authentication Method to Post.

NOTE

Completing this step is required. OneLogin defaults to a different authentication method, which can cause errors during integration.

  3. Record the following values. You will need them to complete the ZTP configuration form:

    • Client ID

    • Client Secret

    • Issuer URL

  4. Leave all other fields at their default values and click Save.

Step 3: Configure the IdP in ZTP

  1. In ZTP, go to Settings > Identity Providers in the left menu.

  2. Click Add New and select Open ID provider.

  3. Complete the form using the following values:

| Field | Description |
| --- | --- |
| Name* | OneLogin - OIDC |
| Audience*/Client ID* | Values recorded in Step 2. |
| Client Secret* | Value recorded in Step 2. |
| Authentication URL* | The Issuer URL recorded in Step 2, appending /auth to the end |
| Token URL* | The Issuer URL recorded in Step 2, appending /token to the end |
| User Info URL | The Issuer URL recorded in Step 2, appending /me to the end |
| JWKS URL | The Issuer URL recorded in Step 2, appending /certs to the end |
| Email Attribute* | email |
| First Name Attribute* | given_name |
| Last Name Attribute* | family_name |
| Username Attribute* | username |

  4. Copy the Redirect URI from the ZTP configuration form by clicking the copy to clipboard button.

  5. In OneLogin, return to the custom connector configured in Step 1 and replace the placeholder URL (https://example.com) in the Post Logout Redirect URI field with the Redirect URI you copied from ZTP.

  6. Click Save and test the integration.
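
The four endpoint URLs entered in Step 3 are all built from the Issuer URL, so a typo or a trailing slash there breaks the integration. The following check is an added example, not AppGate or OneLogin code: it builds the form values from the Issuer URL and compares them with an OIDC discovery document. The function names, the placeholder issuer, the sample document, and the mapping of the "Post" method to `client_secret_post` are assumptions.

```python
from urllib.parse import urlsplit

# ZTP form field -> (suffix from the Step 3 table, OIDC discovery metadata key)
FIELDS = {
    "Authentication URL": ("/auth", "authorization_endpoint"),
    "Token URL": ("/token", "token_endpoint"),
    "User Info URL": ("/me", "userinfo_endpoint"),
    "JWKS URL": ("/certs", "jwks_uri"),
}

def ztp_endpoints(issuer_url):
    """Build the four ZTP form URLs from the Issuer URL recorded in Step 2."""
    issuer = issuer_url.strip().rstrip("/")  # avoid '//auth' from a trailing slash
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("Issuer URL must be an absolute https:// URL")
    if parts.query or parts.fragment:
        raise ValueError("Issuer URL must not carry a query string or fragment")
    return {field: issuer + suffix for field, (suffix, _) in FIELDS.items()}

def check_against_discovery(issuer_url, discovery):
    """Return a list of problems; an empty list means the form values agree."""
    problems = []
    if discovery.get("issuer", "").rstrip("/") != issuer_url.strip().rstrip("/"):
        problems.append("issuer in discovery document differs from recorded Issuer URL")
    for field, url in ztp_endpoints(issuer_url).items():
        published = discovery.get(FIELDS[field][1])
        if published != url:
            problems.append(f"{field}: form value {url} != published {published}")
    # Assumption: the 'Post' method selected in Step 2 is client_secret_post.
    if "client_secret_post" not in discovery.get("token_endpoint_auth_methods_supported", []):
        problems.append("token endpoint does not advertise client_secret_post")
    return problems

# Constructed sample: placeholder issuer and metadata, not real OneLogin output.
SAMPLE_ISSUER = "https://idp.example/oidc/2/"
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example/oidc/2",
    "authorization_endpoint": "https://idp.example/oidc/2/auth",
    "token_endpoint": "https://idp.example/oidc/2/token",
    "userinfo_endpoint": "https://idp.example/oidc/2/me",
    "jwks_uri": "https://idp.example/oidc/2/certs",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
}

if __name__ == "__main__":
    for field, url in ztp_endpoints(SAMPLE_ISSUER).items():
        print(f"{field}: {url}")
    print(check_against_discovery(SAMPLE_ISSUER, SAMPLE_DISCOVERY) or "form values match discovery")
```

To run it against a real tenant, load the JSON published at the issuer's `/.well-known/openid-configuration` path in place of the sample document.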