Sectona Privileged Access Management (PAM) system integrates with OneLogin multi-factor authentication out of the box using API Integration. This section covers integrating your OneLogin MFA with Sectona PAM:
Before you begin
Make sure you have administrator access to configure a new application in the OneLogin console.
Make sure each user has the OneLogin Protect app installed on their Android/iOS device to enable MFA.
User account information must be in sync between OneLogin and Sectona. Typically, if you are using Active Directory, you will need to sync it with OneLogin or add users manually using the supported methods in OneLogin.
Configuring OneLogin MFA with Sectona
To configure OneLogin MFA with a Sectona instance, follow the steps below:
Log in to PAM as an administrator.
Go to Platform Configuration under the Authentication column and click on Multifactor Authentication → One Login.
Fill in the following details:
Description: Provide a suitable description for identification.
Sub Domain: Provide the subdomain as https://api.us.onelogin.com.
Timeout (Seconds): Provide the timeout period for communication attempts from the PAM server to the OneLogin server.
Client ID: Enter your OneLogin Client ID. To get the Client ID, log in to the OneLogin portal. Go to the User Profile page, then go to Developer → API Credential, click on the credential and copy the Client ID.
Client Secret: Enter your Client Secret key. To get the Client Secret key, log in to the OneLogin portal. Go to the User Profile page, then go to Developer → API Credential, click on the credential and copy the Client Secret.
Network Proxy: An internal network proxy can be configured in the Sectona PAM application. To configure a network proxy, refer to Setting up a network proxy. To reach OneLogin through the network proxy, enable the network proxy option by selecting the checkbox, then select the network proxy from the drop-down.
Click on Active to activate the configuration.
Click on Save. OneLogin MFA and push-based authentication will be enabled.
To enable OneLogin MFA for users, the administrator will need to assign a User Logon Policy with MFA Type set to OneLogin.
To enable OneLogin push authentication for users, the administrator will need to assign a User Logon Policy with MFA Type set to OneLogin Push Authentication.
For more information, refer to Setting up user logon policy.
If you want to use OneLogin MFA from Sectona PAM's end, use the method described above. This method supports Push and token-based OTP. If you would like to use complete authentication services from OneLogin, see OneLogin SAML.
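A pre-flight check for the Sub Domain, Client ID, Client Secret, Timeout and Network Proxy values before they are entered in the PAM form, as an added example that is not Sectona's or OneLogin's own code. It assumes OneLogin's public OAuth2 token endpoint (/auth/oauth2/v2/token) and the regional hosts api.us.onelogin.com and api.eu.onelogin.com; the function names and the ONELOGIN_CLIENT_ID environment variable are hypothetical.

```python
import getpass
import json
import os
import urllib.parse
import urllib.request

# Assumption: OneLogin's regional API hosts; the page itself only names api.us.
ALLOWED_HOSTS = {"api.us.onelogin.com", "api.eu.onelogin.com"}

def build_token_request(sub_domain, client_id, client_secret):
    """Validate the PAM form values and build a client-credentials token request."""
    url = urllib.parse.urlsplit(sub_domain)
    if url.scheme != "https":
        raise ValueError("Sub Domain must be https so the secret is not sent in clear text")
    if url.hostname not in ALLOWED_HOSTS:
        raise ValueError(f"unexpected API host: {url.hostname!r}")
    if not client_id or not client_secret:
        raise ValueError("Client ID and Client Secret are both required")
    return urllib.request.Request(
        f"https://{url.hostname}/auth/oauth2/v2/token",
        data=b'{"grant_type": "client_credentials"}',
        headers={
            "Authorization": f"client_id:{client_id}, client_secret:{client_secret}",
            "Content-Type": "application/json",
        },
        method="POST",
    )

def check_credentials(sub_domain, client_id, client_secret, timeout=10, proxy=None):
    """Return True if a token is issued; a non-2xx reply raises urllib.error.HTTPError."""
    req = build_token_request(sub_domain, client_id, client_secret)
    # Route through the internal proxy only when one is configured, as in the PAM form.
    handlers = [urllib.request.ProxyHandler({"https": proxy})] if proxy else []
    opener = urllib.request.build_opener(*handlers)
    with opener.open(req, timeout=timeout) as resp:
        body = json.load(resp)
    return isinstance(body, dict) and bool(body.get("access_token"))

if __name__ == "__main__":
    # Read the secret interactively so it never lands in shell history or process args.
    ok = check_credentials(
        "https://api.us.onelogin.com",
        os.environ["ONELOGIN_CLIENT_ID"],  # hypothetical variable name
        getpass.getpass("Client Secret: "),
    )
    print("credentials accepted" if ok else "no token returned")
```

Run it from the PAM server itself, with the same proxy setting, so the check also confirms that outbound HTTPS to OneLogin is reachable within the configured timeout.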