OneLogin

SSO and user provisioning for OneLogin


If you are looking to set up Single Sign-On and User Provisioning for OneLogin, please follow this article. Single Sign-On lets users sign in to an application without needing to enter sign-in details for it. User Provisioning allows user profile fields to be synced over and updated.


All information is fed into Blink. Changes to a profile cannot be made in Blink, only within OneLogin.

To set this feature up, you must be an Administrator within your Blink instance, and you will need a secret token. You can obtain the token by reaching out to support@joinblink.com. It will be generated and sent back to you within the same week it is requested.


What Features are supported with this:

  • Single Sign-On via SAML

  • User provisioning which allows you to create, update and disable OneLogin Users in Blink

If you wish to set up Single Sign-On only, please complete Steps 1, 2 and 4 below. If you wish to configure User Provisioning as well, please complete Steps 1, 2, 3 and 4.

Step 1: Add the Blink Application to your OneLogin Applications

  1. Log in to OneLogin, go to Administration, and then Applications

  2. Click Add App, search for Blink, and click on it

  3. On the next screen click Save

Step 2: Configure Single Sign On

  1. Within the newly added Blink app in OneLogin, click the Configuration Tab

  2. Within Blink, go to the Admin Portal by clicking the Admin button on the sidebar

  3. In Admin Portal, click on the Authentication tab

  4. Within Authentication Methods, select SAML. The Entity Id and ACS URL values will then appear on the page

  5. Back in the Configuration Tab in OneLogin, paste the Entity Id as the SAML Audience URL and the ACS URL as the SAML Consumer URL

  6. On the top right corner, click More Action > SAML Metadata to download the metadata (XML file) from OneLogin

  7. Click Save on the top right corner once you have downloaded the file

  8. Back in Blink, on the Authentication Tab, click Read metadata file, select the metadata file you have downloaded from OneLogin and click Open

  9. Once the metadata file has been uploaded, you will notice that the Login URL, Logout URL, and Signing Certificate have now been filled in from the metadata. Click Save Changes at the bottom right of the page.
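Before uploading the file in sub-step 8, it is worth reading out the same three values Blink will import and comparing them with what OneLogin shows. The following is an added example, not code from Blink or OneLogin; the sample metadata, host names and certificate bytes are constructed placeholders, and `summarize_idp_metadata` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: host, entityID and certificate bytes are placeholders.
SAMPLE_CERT_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Location="https://idp.example.test/slo"/>
    <SingleSignOnService Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>""" % base64.b64encode(SAMPLE_CERT_DER).decode()

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()  # SHA-256 of the DER-encoded certificate

def summarize_idp_metadata(xml_text):
    """Return (summary, problems) for the metadata file you are about to upload."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    def locations(tag):
        return [e.get("Location") for e in idp.findall("md:" + tag, NS)]
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means both purposes
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                certs.append(fingerprint(base64.b64decode(c.text or "")))
    summary = {"entity_id": root.get("entityID"),
               "login_urls": locations("SingleSignOnService"),
               "logout_urls": locations("SingleLogoutService"),
               "signing_cert_sha256": certs}
    problems = ["non-HTTPS endpoint: " + u
                for u in summary["login_urls"] + summary["logout_urls"]
                if urlparse(u).scheme != "https"]
    if not summary["login_urls"]:
        problems.append("no SingleSignOnService endpoint")
    if not certs:
        problems.append("no signing certificate")
    return summary, problems
```

Run it against the file downloaded from OneLogin and check that the endpoints belong to your OneLogin tenant and that the fingerprint matches the certificate shown for the Blink app in OneLogin.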

If you wish to configure User Provisioning, carry on the configuration with Step 3. Otherwise please directly go to Step 4.

Step 3: Configure User Provisioning

  1. In OneLogin, under Applications, click on the Configuration tab of the Blink app

  2. Paste the authentication token you have been provided by Blink in the SCIM Bearer Token field and click the Enable button. This will connect to the Blink API and the light will turn green once successful. Click Save in the top right corner once connected.

  3. Next, go to the Provisioning tab and tick Enable provisioning

    1. Under Require admin approval before this action is performed untick “Create user”, “Delete User” and “Update User”.

    2. Under When users are deleted in OneLogin, or the user's app access is removed, perform the below action, select Suspend.

    3. Once done, click Save in the top right corner. The final configuration should look like the below

  4. Go under the Parameters tab to configure field mappings between OneLogin and Blink.

    1. Under the Field column, you will find the Blink user fields list.

    2. Under the Value column, you will find the OneLogin fields that will be pushed against said Blink fields in Blink.

    3. On Optional Fields, the Status column shows whether a Blink field is being mapped at all.

    4. Required Parameters need to have a corresponding OneLogin field for the user provisioning to work.

      1. For SAML Name Id (Subject) and scimusername, we recommend keeping Email as the default value

      2. For employee Number, if you do not have a field in OneLogin holding a unique employee identifier for your organization (i.e., an employee id number), please use OneLogin ID

    5. Optional Parameters

      1. To enable a field to be mapped, click on the field name

      2. A pop-up will appear. Under Value, select the OneLogin field you wish to map to the Blink field. Under Flags, tick Include In User Provisioning and Skip if the value is blank. Finally, click Save.

      3. Repeat the 2 steps above for all Optional Blink fields you would like to map

      4. Once configured, the Status of the field will change to Enabled

    6. Once Parameters have been configured, click Save on the top right corner

Phone in the Field column defaults to the Mobile Phone field in Blink.

Work Phone in Blink is not mappable from OneLogin at the moment.
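The mapping rules in Step 3 can be checked against your user data before provisioning is enabled. The following is an added example, not code from Blink or OneLogin: it flags records that miss a required parameter or share an employee number, and shows how the mappings and the Suspend action are expressed in standard SCIM 2.0 (RFC 7643/7644). The record keys (`email`, `employee_number`, `phone`) are hypothetical export column names, and the exact attributes OneLogin sends to Blink are an assumption, since the page does not show them.

```python
from collections import Counter

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
REQUIRED = ("email", "employee_number")   # hypothetical export column names

def preflight(records):
    """Return (row_index, problem) pairs for rows that would not provision cleanly."""
    seen = Counter((r.get("employee_number") or "").strip() for r in records)
    problems = []
    for i, r in enumerate(records):
        for field in REQUIRED:
            if not (r.get(field) or "").strip():
                problems.append((i, "missing " + field))
        number = (r.get("employee_number") or "").strip()
        if number and seen[number] > 1:   # the identifier must be unique
            problems.append((i, "duplicate employee_number " + number))
    return problems

def to_scim_user(r):
    """Build an RFC 7643 User; blank optional values are left out entirely."""
    user = {"schemas": [CORE, ENTERPRISE],
            "userName": r["email"].strip(),          # Email kept as the username
            "active": True,
            "emails": [{"value": r["email"].strip(), "primary": True}],
            ENTERPRISE: {"employeeNumber": r["employee_number"].strip()}}
    phone = (r.get("phone") or "").strip()
    if phone:  # "Skip if the value is blank"
        user["phoneNumbers"] = [{"value": phone, "type": "mobile"}]
    return user

# RFC 7644 PatchOp that deactivates an account without deleting it (assumed
# to be how a Suspend action is expressed on the wire).
SUSPEND = {"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
           "Operations": [{"op": "replace", "path": "active", "value": False}]}

# Constructed sample export.
SAMPLE = [
    {"email": "a.lee@example.test", "employee_number": "1001", "phone": "+15550100"},
    {"email": "b.kim@example.test", "employee_number": "1001", "phone": ""},
    {"email": "", "employee_number": "1003"},
]
```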

Step 4: Assign OneLogin Users to the Blink Application

  1. In OneLogin, under Applications and the Blink application, click the Access tab

  2. Under Roles make sure you tick the roles containing the users you wish to add to the application. In the below example, the SCIM Test role is selected meaning all users with this role will be added to the Blink app.

  3. To create roles, go under Users > Roles. Click New Role in the top right corner on the next screen. On the 3rd screen enter a name for the role and select Blink as the app to add.

  4. You can add users to the role manually or automatically based on a set of mapping rules.

    1. Go under Users > Roles and click on the role you wish to add Users to

    2. On the next screen go under the Users tab where you will see Users Added Automatically (option to add New Mapping to add users to this role based on rules automatically) and Users Added Manually (using the search bar)

    3. Once you have finished adding users, click Save on the top right corner

FAQs

What does this integration not support?

Provisioning Groups from OneLogin to Blink.

Why is something going wrong?

If you are having any issues with this, please reach out to support@joinblink.com.
