This document provides comprehensive information about the OneLogin integration in Keep.

Overview

Keep supports OneLogin as an authentication provider, enabling:
  • Single Sign-On (SSO) via OneLogin
  • OAuth2/OIDC authentication flow
  • Token refresh capabilities
  • Role-based access control through custom claims
  • Session management through NextAuth.js

Environment Variables

Backend Environment Variables

| Variable | Description | Example |
|---|---|---|
| AUTH_TYPE | Set to "ONELOGIN" to enable OneLogin authentication | ONELOGIN |
| ONELOGIN_ISSUER | The issuer URL for your OneLogin application | https://company.onelogin.com/oidc/2 |
| ONELOGIN_CLIENT_ID | Client ID of your OneLogin application | abc123def456ghi789 |
| ONELOGIN_CLIENT_SECRET | Client Secret of your OneLogin application | abcd1234efgh5678ijkl9012 |
| ONELOGIN_ADMIN_ROLE | Role to be mapped to the Keep admin role | KeepAdmin |
| ONELOGIN_NOC_ROLE | Role to be mapped to the Keep noc role | KeepNoc |
| ONELOGIN_WEBHOOK_ROLE | Role to be mapped to the Keep webhook role | KeepWebhook |
| ONELOGIN_AUTO_CREATE_USER | Whether to automatically create users in Keep | True |

Frontend Environment Variables

| Variable | Description | Example |
|---|---|---|
| AUTH_TYPE | Set to "ONELOGIN" to enable OneLogin authentication | ONELOGIN |
| ONELOGIN_ISSUER | The issuer URL for your OneLogin application | https://company.onelogin.com/oidc/2 |
| ONELOGIN_CLIENT_ID | Client ID of your OneLogin application | abc123def456ghi789 |
| ONELOGIN_CLIENT_SECRET | Client Secret of your OneLogin application | abcd1234efgh5678ijkl9012 |

OneLogin Configuration

Creating a OneLogin Application

  1. Sign in to your OneLogin Admin Console
  2. Navigate to Applications
  3. Click Add App
  4. Search for OpenId Connect (OIDC) and select it
  5. Click Save

Application Settings

  1. Display Name: Enter a name for your application (e.g., “Keep”)
  2. Redirect URIs: Enter your app’s callback URL, e.g., https://your-keep-domain.com/api/auth/callback/onelogin
  3. Login URL: Enter your app’s login URL, e.g., https://your-keep-domain.com/signin
  4. Role Mapping:
    • Go to the Parameters tab
    • Map the groups parameter to user roles or groups, with the default value set to semicolon-delimited input values
  5. Go to the SSO tab and configure:
    • Application Type: Web
    • Token Endpoint: Client Secret Post
  6. Access:
    • Assign to appropriate roles or users
  7. Click Save
  8. Copy the client id, client secret and issuer URL from the SSO tab
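
The role mapping from step 4 and the ONELOGIN_*_ROLE variables meet when a token's groups value is compared against the configured role names. The sketch below is an added example, not Keep's own code. It assumes the claim is named `groups`, that the Keep roles are called `admin`, `noc` and `webhook`, and that admin takes precedence; it matches names exactly and returns no role when nothing matches.

```python
import os

# Environment variable names come from the tables above; the Keep role names
# ("admin", "noc", "webhook") and the precedence order are assumptions.
ROLE_ENV_VARS = [
    ("ONELOGIN_ADMIN_ROLE", "admin"),
    ("ONELOGIN_NOC_ROLE", "noc"),
    ("ONELOGIN_WEBHOOK_ROLE", "webhook"),
]


def parse_groups(claim):
    """Normalise a groups claim that may arrive as a semicolon-delimited
    string or as a list, dropping empty entries and surrounding whitespace."""
    if claim is None:
        return set()
    items = claim.split(";") if isinstance(claim, str) else list(claim)
    return {str(g).strip() for g in items if str(g).strip()}


def resolve_keep_role(claims, env=None, claim_name="groups"):
    """Return the highest-privilege Keep role the token's groups map to,
    or None when nothing matches (fail closed: no implicit default role)."""
    env = os.environ if env is None else env
    groups = parse_groups(claims.get(claim_name))
    for var, keep_role in ROLE_ENV_VARS:
        configured = (env.get(var) or "").strip()
        # An unset or empty variable must never match an empty group entry,
        # and comparison is exact: no substring or case-insensitive matching.
        if configured and configured in groups:
            return keep_role
    return None


if __name__ == "__main__":
    # Constructed sample: decoded ID token claims, not real OneLogin output.
    sample_env = {
        "ONELOGIN_ADMIN_ROLE": "KeepAdmin",
        "ONELOGIN_NOC_ROLE": "KeepNoc",
        "ONELOGIN_WEBHOOK_ROLE": "KeepWebhook",
    }
    sample_claims = {"sub": "1234", "groups": "Engineering; KeepNoc;"}
    print(resolve_keep_role(sample_claims, sample_env))
```

Run this only on claims taken from a token whose signature, issuer and audience have already been verified.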