See api-docs Menu

Get Apps to Embed for a User

Lists apps accessible by a OneLogin user.

Use the response message to embed users’ OneLogin apps in their views of your company intranet, for example.

For examples of what you can do with this API, see Embedding Apps.

Resource URL

https://<your_subdomain>.onelogin.com/client/apps/embed2

Query Parameters

token

required

string

Provide your embedding token. To get your embedding token, go to OneLogin and navigate to Settings > Embedding.

email

required

string

Provide the email of the user for which you want to return a list of embeddable apps.

Sample Response

<apps>
  <app>
    <id>123456</id>
    <icon>https://assets.com/images/icons/square/netflix/mobile_50.png?11111</icon>
    <name>NetFlix</name>
    <provisioned>1</provisioned>
    <extension_required>true</extension_required>
    <personal>false</personal>
    <login_id>44444</login_id>
  </app>
  <!--clip-->
  <app>
    <id>654321</id>
    <icon>https://assets.com/images/icons/square/aws/mobile_50.png?22222</icon>
    <name>AWS DynamoDB</name>
    <provisioned>0</provisioned>
    <extension_required>false</extension_required>
    <personal>false</personal>
    <login_id>55555</login_id>
  </app>
</apps>

If you receive the following response message body, no apps could be located for the token and email values you provided. This could mean that the token and email combination do not have any apps, or that your token and/or email values are invalid.

<apps />

Response Elements

id

ID of the app that can be accessed by the user.

icon

URL to the app’s icon.

name

Name of the application.

provisioned

Indicates whether a username and password has been stored on the login for the app and user.

Valid values are:

  • 0 (no)
  • 1 (yes)

extension_required

Indicates whether the app requires the OneLogin browser extension to login.

Valid values are:

  • true: The app requires the OneLogin browser extension.
  • false: The app does not require the OneLogin browser extension.

personal

Indicates whether the app is a user’s personal app.

Valid values are:

  • true: The app is a user’s personal app.
  • false: The app is not a user’s personal app.

login_id

User’s ID in the app. For example, in one app the user’s ID may be georgia.wong@company.com, but in another it may be georgia.wong.

Fair Use Policy

Please use this API on a portal-like page only, such as a page where users go to launch applications. This API is not intended for embedding apps on every page in an intranet as such an implementation will generate an unnecessary load on our system.

Using the Launch Apps Endpoint Instead

While embedding a dashboard of OneLogin apps in your company intranet may provide a more compelling experience for your users, we also provide a URL format that can be used to trigger single sign-on to an app from locations other than OneLogin’s dashboard.

You can create a URL to an app by using this format: https://<your_subdomain>.onelogin.com/launch/{app-id}. For example, you can provide a link to an app like this:

<a href="https://<your_subdomain>.onelogin.com/launch/123456">Time Reporting</a>

If the user has an active browser session with OneLogin, when he clicks this link, he will be redirected to OneLogin and logged in to the app.

If the user does not have an active session, he will be redirected to OneLogin, prompted to log in, and will then be logged in to the app.

If you are using a custom login page and want to redirect the user to a custom logout page when the session expires, include the useLogOutUrl parameter in the URL. For example:

<a href="https://<your_subdomain>.onelogin.com/launch/123456?userLogOutUrl=true">Time Reporting</a>

Be sure to define the custom logout page URL in the Logout URL field in Settings > Account Settings. Provide a fully qualified logout URL in this format: <protocol>://<host>/<path>. For example: http://www.splinkly.com/logout.

The user can be authenticated by OneLogin automatically if integration with Active Directory or LDAP has been enabled.

The app must belong to the user’s account and the user must have an active login entry for the app.

Postman Collection

Run In Postman

    Clicking Run in Postman button navigates to the page where you can fork the collection to your workspace. Forking the collection into your workspace will enable you to contribute to the source collection using pull requests. You can also view the collection in a public workspace if you like and even import a copy of the collection using the links present on the screen.

Sample cURL Request

Be sure to replace placeholder values surrounded by < > with actual values.

curl "https://<your_subdomain>.onelogin.com/client/apps/embed2?token=<token>&email=<email>" \
-X GET \
-u <api_key>:x

Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.