Configure OneLogin for OIDC

You can configure OneLogin as an OpenID authentication mechanism in Sysdig.

Prerequisites

Review OpenID Connect (SaaS).

OpenID Provider Configuration for OneLogin

The notes below describe minimal steps to be taken in OneLogin. You may need to adjust the steps based on the specifics of your environment.

  1. Log in to your OneLogin organization as a user with administrative privileges and click to Apps > Custom Connectors, then click the New Connector button.

  2. Create a new Connector:

    • Enter your choice of connector name.

    • Select a Sign on Method of OpenID Connect.

    • For Redirect URI, enter one of the following values:

      See SaaS Regions and IP Ranges and identify the correct domain URL (redirect URL) associated with your Sysdig application and region. For example, domain URLs of Monitor and Secure for US East are:

      • Sysdig Monitor: https://app.sysdigcloud.com/api/oauth/openid/auth

      • Sysdig Secure: https://secure.sysdig.com/api/oauth/openid/secureAuth

      For other regions, the format is https://<region>.app.sysdig.com.

      Replace <region> with the region where your Sysidig application is hosted. For example, for Sysdig Secure you use https://eu1.sysdig.com/api/oauth/openid/secureAuth.

    • Click Save.

  3. From the More Actions pull-down menu, select Add App to Connector.

  4. Click Save to add the app to your catalog. Once clicked, additional tabs will appear.

  5. Click to the SSO tab. Change the setting in the Token Endpoint drop-down to POST, then click Save.

  6. While still on the SSO tab, take note of the Client ID and Client Secret that are shown (click Show client secret to reveal it).

    You will need them in the OpenID settings.

  7. Note that the Issuer URL will consist of https://YOUR-ONELOGIN-DOMAIN.onelogin.com/oidc

    You will need them in the OpenID settings.

During testing, we’ve found OneLogin sometimes does not keep changes that are made in the OpenID Provider configuration. If you make changes to your OneLogin configuration and experience issues such as HTTP 400 Bad Request when attempting to log in to your Sysdig application, you may need to delete your Custom Connector and App config in OneLogin and recreate it from scratch.

Configure Sysdig Settings

To enable OneLogin OpenID functionality on the Sysdig application, you need the following:

  • Client ID

  • Client Secret

  • Issuer URL.

See Enable OpenID in Settings to learn how to complete your configuration.