Delegate Authentication
You can use the Create Session Login Token API to delegate authentication of a user to OneLogin, with or without MFA.
When you simply want to authenticate a user in OneLogin (validate their password), you can treat the token returned in the 200 OK - Success message as a confirmation that the user has been authenticated. The session token itself is not used.
Likewise, you can use the 401 - Unauthorized status code to indicate that a user could not be authenticated.
When MFA is required, the Create Session Login Token API works in close conjunction with the Verify Factor API call. When you want to simply authenticate a user in OneLogin and MFA is required, you can just treat the token returned by the Verify Factor API in the 200 OK - Success message as a confirmation that the user has been authenticated.
Likewise, you can use the 401 - Unauthorized status code to indicate that a user could not be authenticated.
Have a Question?
Found a problem or a bug? Submit a support ticket.
Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.
Have a product idea or request? Share it with us in our Ideas Portal.