See api-docs Menu

App Resource

The app resource represents an app in OneLogin.

An app payload is broken into sections which group together common attributes such as parameters, sso settings and configuration. The attributes in each section change based on the type of app that has been returned. See below for samples of SAML and OpenId Connect apps.

Early Access Release

This API is currently in early preview release and may be subject to future breaking changes. If you’re interested in using this API please contact your account manager or our support team.

Resource Elements

{
    "id": 775664,
    "name": "A Sample App",
    "visible": true,
    "description": "",
    "notes": "",
    "icon_url": "/images/missing_connector_icon/square/old_original.png",
    "auth_method": 8,
    "policy_id": null,
    "allow_assumed_signin": false,
    "tab_id": 196885,
    "connector_id": 108419,
    "created_at": "2018-04-12T21:50:42Z",
    "updated_at": "2019-05-16T19:20:34Z",
    "provisioning": {},
    "sso": {},
    "configuration": {},
    "parameters": {}
}
id Apps unique ID in OneLogin. Integer
connector_id ID of the apps underlying connector. Integer
name App name. String
description Freeform description of the app. String
notes Freeform notes about the app. String
policy_id The security policy assigned to the app. Integer
icon_url A link to the apps icon url. String
visible Indicates if the app is visible in the OneLogin portal. Boolean
auth_method An ID indicating the type of app.

  • 0 - Password
  • 1 - OpenId
  • 2 - SAML
  • 3 - API
  • 4 - Google
  • 6 - Forms Based App
  • 7 - WSFED
  • 8 - OpenId Connect

Integer
tab_id ID of the OneLogin portal tab that the app is assigned to. Integer
created_at The date the app was created. ISO-8601 Date Time
updated_at The date the app was last updated. ISO-8601 Date Time
allow_assumed_signin Indicates whether or not administrators can access the app as a user that they have assumed control over. Boolean
provisioning See provisioning section below for attributes of this object. Object
sso See sso section below for attributes of this object. Object
configuration See configuration section below for attributes of this object. Object
parameters See parameters section below for attributes of this object. Object

Provisioning

{
  "provisioning": {
    "enabled": false
  },
}
enabled Indicates if provisioning is enabled for this app. Boolean

SSO

The attributes included in the sso section are determined by the type of app.

OpenId Connect

{
  "sso": {
    "client_id": "78d1d040-20c9-0136-5146-067351775fae92920"
  },
}
client_id The OpenId Connect Client Id. Note that client_secret is only returned after Creating an App. String

SAML

{
  "sso": {
    "metadata_url": "https://app.onelogin.com/saml/metadata/5772393d-2ad3-47d6-a64f-2339b1028291",
    "acs_url": "https://sharkbytes.onelogin.com/trust/saml2/http-post/sso/928532",
    "sls_url": "https://sharkbytes.onelogin.com/trust/saml2/http-redirect/slo/928532",
    "issuer": "https://app.onelogin.com/saml/metadata/5772393d-2ad3-47d6-a64f-2339b1028291",
    "certificate": {
      "value": "c6d814d032f000d9c03bc79727265",
      "id": 170216,
      "name": "My Companies SAML Certificate"
    }
  }
}
metadata_url ID of the apps underlying connector. String
acs_url App name. String
issuer Freeform description of the app. String
certificate The certificate used for signing.
  • id
  • name
  • value
Object

Configuration

The attributes included in the configuration section are determined by the type of app. This is not a complete list of possible configuration attributes. Custom configuration attributes may exist for different types of connectors.

OpenId Connect

{
    "configuration": {
        "redirect_uri": "https://localhost:3000/callback",
        "refresh_token_expiration_minutes": 1,
        "login_url": "",
        "oidc_application_type": 0,
        "token_endpoint_auth_method": 1,
        "access_token_expiration_minutes": 1
    }
}
redirect_uri Comma or newline separated list of valid redirect uris for the OpenId Connect Authorization Code flow. String
login_url The OpenId Connect Client Id. Note that client_secret is only returned after Creating an App. String
oidc_application_type
  • 0 - Web
  • 1 - Native / Mobile
Integer
token_endpoint_auth_method
  • 0 - Basic
  • 1 - POST
  • 2 - None / PKCE
Integer
access_token_expiration_minutes Number of minutes the refresh token will be valid for. Integer
refresh_token_expiration_minutes Number of minutes the refresh token will be valid for. Integer

SAML

{
    "configuration": {
        "provider_arn": null,
        "signature_algorithm": "SHA-1"
    }
}
signature_algorithm One of the following
  • SHA-1
  • SHA-256
  • SHA-348
  • SHA-512
String

Parameters

The parameters section contains parameterized attributes that have defined at the connector level as well as custom attributes that have been defined specifically for this app. Regardless of how they are defined, all parameters have the following attributes.

Each parameter is an object with the key for the object being set as the parameters short name.

{
    "parameters": {
        "the_short_name": {
            "values": null,
            "user_attribute_mappings": null,
            "provisioned_entitlements": false,
            "skip_if_blank": false,
            "id": 89806,
            "default_values": null,
            "attributes_transformations": null,
            "safe_entitlements_enabled": false,
            "label": "RoleSessionName",
            "user_attribute_macros": null
        }
    }
}
id The unique ID of the parameter. Integer
label The UI label for the parameter. String
user_attribute_mappings A user attribute to map values from. String
user_attribute_macros When `user_attribute_mappings` is set to `_macro_` this macro will be used to assign the parameter value. String
attributes_transformations The type of transformation to perform on multi valued attributes. String
skip_if_blank Not always applicable. Functions differently for different apps. See app specific documentation. Boolean
values Relates to Rules/Entitlements. Not supported yet. Array
default_values Relates to Rules/Entitlements. Not supported yet. String
provisioned_entitlements Relates to Rules/Entitlements. Not supported yet. Boolean
safe_entitlements_enabled Relates to Rules/Entitlements. Not supported yet. Boolean

Postman Collection

Replace sample variables indicated by {{ }} with your actual values.

Download for the Apps API


Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.