
OneLogin

OneLogin is a cloud-based identity and access management (IAM) provider that develops a unified access management (UAM) platform for enterprise-level businesses and organizations.

The iProov OIDC connector lets you use iProov Face Biometrics as an MFA factor for OneLogin.

Set up an IdP

To start this integration, create a new IdP in your admin panel: go to Authentication -> Trusted IdPs.

Create the New Trust by clicking the button in the top-right corner.

Enter the name of your IdP, then go to the bottom of the page and select the OIDC protocol type.


Go back to the top of the page and enable the Trusted IdP and “show in Login panel” options.

In the Configurations section, enter https://api.iproov.dev/oidc/v1 as the issuer. Then enable “Sign users into OneLogin” and “Send Subject Name ID (SAML TIDPs) or Login Hint (OIDC TIDPs) in Auth Request”.


In the OIDC configurations, enter https://api.iproov.dev/oidc/v1/authorize as the Authorization endpoint, https://api.iproov.dev/oidc/v1/token as the Token endpoint and https://api.iproov.dev/oidc/v1/userinfo as the User Information endpoint.

In scopes, enter openid, plus faceauth_la_only for express liveness or faceauth_gpa_only for dynamic.

Finally, fill in your Client ID and Secret from the OIDC application that you’ve created in the iPortal.


In your OIDC application, add the redirect URI. It should look like this: https://[your organization domain].onelogin.com/mfa/v1/idp/auth_callback
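The values from the steps above can be checked before saving, since a token endpoint entered over http, both faceauth scopes entered together, or a redirect URI on a look-alike host are easy to miss in the admin form. The following is an added example, not iProov or OneLogin code: the dictionary key names, the space-separated scope format, the reading that exactly one faceauth scope is entered, and the sample tenant name and placeholder credentials are all assumptions.

```python
from urllib.parse import urlsplit

ISSUER = "https://api.iproov.dev/oidc/v1"
ENDPOINT_SUFFIX = {"authorization": "/authorize", "token": "/token", "userinfo": "/userinfo"}
FACE_SCOPES = {"faceauth_la_only", "faceauth_gpa_only"}  # express / dynamic
CALLBACK_PATH = "/mfa/v1/idp/auth_callback"


def callback_ok(uri):
    """True for https://<one label>.onelogin.com/mfa/v1/idp/auth_callback, nothing more."""
    u = urlsplit(uri)
    host = u.hostname or ""
    labels = host.split(".")
    return (u.scheme == "https" and u.netloc.lower() == host  # no userinfo or port
            and len(labels) == 3 and labels[0] != "" and labels[1:] == ["onelogin", "com"]
            and u.path == CALLBACK_PATH and not u.query and not u.fragment)


def check_trusted_idp(cfg):
    """Return a list of problems in a dict of settings (hypothetical key names)."""
    problems = []
    if cfg.get("issuer") != ISSUER:
        problems.append("issuer")
    for name, suffix in ENDPOINT_SUFFIX.items():
        if cfg.get(name + "_endpoint") != ISSUER + suffix:
            problems.append(name + "_endpoint")
    scopes = cfg.get("scopes", "").split()  # assumed space-separated
    if "openid" not in scopes:
        problems.append("scopes: openid missing")
    if len(FACE_SCOPES.intersection(scopes)) != 1:
        problems.append("scopes: need exactly one faceauth_* scope")
    if not callback_ok(cfg.get("redirect_uri", "")):
        problems.append("redirect_uri")
    if not (cfg.get("client_id") and cfg.get("client_secret")):
        problems.append("client credentials")
    return problems


# Constructed sample values, not real credentials or a real tenant.
SAMPLE = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/authorize",
    "token_endpoint": ISSUER + "/token",
    "userinfo_endpoint": ISSUER + "/userinfo",
    "scopes": "openid faceauth_gpa_only",
    "redirect_uri": "https://example-org.onelogin.com/mfa/v1/idp/auth_callback",
    "client_id": "PLACEHOLDER_CLIENT_ID",
    "client_secret": "PLACEHOLDER_CLIENT_SECRET",
}

if __name__ == "__main__":
    print(check_trusted_idp(SAMPLE) or "settings match the guide")
```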

Enable iProov as MFA

To enable your new IdP as a factor in OneLogin, go to Security -> Policies and click on your policy.

Go to the MFA section and, under “OTP Auth Required”, choose the new IdP that you’ve just created.