The DatoCMS Blog

Introducing our OneLogin integration

Posted on November 20th, 2019 by Massimiliano Palloni

Single sign-on (SSO) solutions for enterprises have gained widespread adoption, because they make it easy to authenticate users once for all the services, applications and devices they use, helping productivity and interoperability without sacrificing security.

It also helps drive down help desk costs: almost half of the internal inquiries have to do with password issues, driving up the cost of support. A Forrester study found that password resets can cost nearly $70 per ticket resolved.

All in all, a quality SSO solution adds security, improves usability, and saves time and money for the IT department. That's why we have worked on a new SAML 2.0 + SCIM 2.0, so your favorite identity provider is going to be compatible with DatoCMS straight out of the box.

Today, we present to you our integration with OneLogin, one of the most complete and supported Access Management solutions in the market.

How it works

When a user attempts to access an SSO-enabled DatoCMS project or administration console, users are redirected to OneLogin. If they still have an active session with it, users land automatically on the desired resource. If not, they are prompted to enter credentials.

Once authenticated, they can access for a configurable period to all resources protected by OneLogin. You can read more about our SSO Authentication process in this guide.

What can you do with OneLogin on DatoCMS?

We support all the major provisioning features from OneLogin. For example, our integration enables the platform to add users to DatoCMS or deactivate them.

You can also import users to OneLogin from the "Previsioned Users" section in DatoCMS settings to sync them.

You can also create Groups on DatoCMS to import on OneLogin and sync.

Features list and configuration

We support the following provisioning features:

  • push new users;

  • create new users both on OneLogin and on DatoCMS;

  • push profile updates;

  • push update made to the Onelogin user’s profile to DatoCMS;

  • push user deactivation;

  • deactivate the user or disable the user’s access to the application both on OneLogin and on DatoCMS;

  • import new users;

  • new users created in the third party application will be downloaded and turned into new AppUser objects, for matching against existing onelogin users.

The configuration is easy, and it takes no more than a couple of minutes.

You can read the step-by-step guide in our documentation.