If you are looking to set up Single Sign-On and User Provisioning for One Login please follow this article. Single Sign-On will grant the ability to sign into an Application without the need for sign-in details. User Provisioning will allow for user profile fields to be synced over and updated.
All information is fed into Blink. Changes to any profile cannot be done in Blink, only within One Login.
If you are looking to set this feature up, please ensure you are an Administrator within your Blink Instance and you will need a secret token. This can be acquired by reaching out to firstname.lastname@example.org. This will be generated and sent back to you within the same week this is requested.
In this article:
What features are supported with this
What Features are supported with this:
Single Sign-On via SAML
User provisioning which allows you to create, update and disable OneLogin Users in Blink
Step 1: Add the Blink Application to your OneLogin Applications
Login to OneLogin, go to your Administration, and then Applications
Click Add App, search for Blink, and click on it
On the next screen click Save
Step 2: Configure Single Sign On
Within the newly added Blink app in OneLogin, click the Configuration Tab
Within Blink, go to the Admin Portal by clicking the Admin button on the sidebar
In Admin Portal, click on the Authentication tab
Within Authentication Methods, select SAML, you will then see the Entity Id and ACS URL values appear on the page
Back to the Configuration Tab in OneLogin, paste the Entity Id as the SAML Audience URL and the ACS URL as the SAML Consumer URL
On the top right corner, click More Action > SAML Metadata to download the metadata (XML file) from One Login
Click Save on the top right corner once you have downloaded the file
Back in Blink, on the Authentication Tab, click Read metadata file, select the metadata file you have downloaded from OneLogin and click Open
Once the metadata file has been uploaded, you will notice, that the Login URL, Logout URL, and Signing Certificate have now been added to the metadata. Click Save Changes at the bottom right of the page.
If you wish to configure User Provisioning, carry on the configuration with Step 3. Otherwise please directly go to Step 4.
Step 3: Configure User Provisioning
In OneLogin, under Applications, click on the Configuration tab of the Blink app
Paste the authentication token you have been provided by Blink in the SCIM Bearer Token field and click the Enable button. This will connect to the Blink API and the light will turn green once successful. Click Save in the top right corner once connected.
Next, go to the Provisioning tab and tick Enable provisioning
Under Require admin approval before this action is performed untick “Create user”, “Delete User” and “Update User”.
When users are deleted in OneLogin, or the user's app access is removed, perform the below action, please select Suspend.
Once all done click Save in the top right corner. The final configuration should look like the below
Go under the Parameters tab to configure field mappings between OneLogin and Blink.
Under the Field column, you will find the Blink user fields list.
Under the Value column, you will find the OneLogin fields that will be pushed against said Blink fields in Blink.
On Optional Fields, the Status column shows whether a Blink field is being mapped at all.
Required Parameters need to have a corresponding OneLogin field for the user provisioning to work.
For SAML Name Id (Subject) and scimusername, we recommend keeping Email as the default value
For employee Number, if you do not have a field in OneLogin holding a unique employee identifier for your organization (i.e., an employee id number), please use OneLogin ID
To enable a field to be mapped, click on the field name
A pop-up will appear. Under Value, select the OneLogin field you wish to map to the Blink field. Under Flags, tick Include In User Provisioning and Skip if the value is blank. Finally, click Save.
Repeat the 2 steps above for all Optional Blink fields you would like to map
Once configured, the Status of the field will change to Enabled
Once Parameters have been configured, click Save on the top right corner
Phone in the Field column defaults to the Mobile Phone field in Blink Work Phone in Blink is not mappable from OneLogin at the moment
Step 4: Assign OneLogin Users to the Blink Application
In OneLogin, under Applications and the Blink application, click the Access tab
Under Roles make sure you tick the roles containing the users you wish to add to the application. In the below example, the SCIM Test role is selected meaning all users with this role will be added to the Blink app.
To create roles, go under Users > Roles. Click New Role in the top right corner on the next screen. On the 3rd screen enter a name for the role and select Blink as the app to add.
You can add users to the role manually or automatically based on a set of mappings rules.
Go under Users > Roles and click on the role you wish to add Users to
On the next screen go under the Users tab where you will see Users Added Automatically (option to add New Mapping to add users to this role based on rules automatically) and Users Added Manually (using the search bar)
Once you have finished adding users, click Save on the top right corner
What does this integration not support?
Provisioning Groups from OneLogin to Blink.
Why is something is going wrong?
If you are having any issues with this, please reach out to email@example.com.