Delegate Authentication
You can use the Create Session Login Token API to delegate authentication of a user to OneLogin, with or without MFA.
When you simply want to authenticate a user in OneLogin (validate their password), you can treat the token returned in the 200 OK - Success message as a confirmation that the user has been authenticated. The session token itself is not used.
Likewise, you can use the 401 - Unauthorized status code to indicate that a user could not be authenticated.
When MFA is required, the Create Session Login Token API works in close conjunction with the Verify Factor API call. When you want to simply authenticate a user in OneLogin and MFA is required, you can just treat the token returned by the Verify Factor API in the 200 OK - Success message as a confirmation that the user has been authenticated.
Likewise, you can use the 401 - Unauthorized status code to indicate that a user could not be authenticated.
Have a Question?
Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.
Found a bug? Submit a support ticket.
Have a product idea or request? Share it with us in our Ideas Portal.
StackOverflow discussions about "[onelogin] user login api"
-
Q: Verify AD or LDAP crendentials via REST API
Asked Mar 28 2016verify user credentials), and perform a one time API integration so that users will be presented with a login form on our web application www.mywebapp.com/login, they will then enter their AD/LDAP username … and password, which we would verify against their user directory using OneLogin API I went through the API documentation for OneLogin but i have not see any method for doing that, although i can see at https://www.onelogin.com/active-directory-integration that it is a feature of OneLogin …
-
A: Accessing Third Party Apps After Creating A Session Via API Token
Answered Mar 10 2017Two ways: If the app supports SP-initiated SAML, just navigate the user to the application and it'll do the whole SAML flow- App redirects to OneLogin - OL authenticates user (because you have a … -for-a-user Take note that you're probably going to want to use the optional flag that makes sure to redirect to your login page, not OL's if you've built a login facade. …
-
Q: OneLogin session_via_api_token and Chrome
Asked Nov 14 2016I am getting a session token via an ajax call. This in turn calls the API method https://api.us.onelogin.com/api/1/login/auth $.post("onelogin.ashx?action=sessiontoken", data, function (s … is now logged in. session_via_api_token returns response header "Location" with my original page URL. In Chrome the user is not logged in and the response header "Location" is https://app.onelogin.com/login I have a feeling it is a problem with cookies but can't figure out what. Any ideas? …
-
Q: failing to receive onedrive oauth refresh_token when authenticating through SSO
Asked Feb 12 2018this auth step. since they are using onelogin sso, they are redirected from onedrive to onelogin, they login to onelogin, and are redirected back to onedrive. Here they resume the oauth flow and … clear, the flow is: from app, attempt to oauth auth with onedrive get redirected to onelogin login to onelogin get redirected to onedrive grant permission for 3rd party app access get redirected back to app with access code exchange code for oauth tokens fail to receive refresh_token thanks! …
-
Q: OneLogin - how do I redirect to a custom login page upon session expiration?
Asked Jun 15 2016According to the OneLogin documentation, I can use my own login form combined with their API to log users in. And that works fine until the session expires. At that point, the next communication to … the server redirects me to OneLogin's login page and not mine. Is it possible to redirect users back to my login page upon expiration? I'd really prefer not to confuse users by showing more than …
Loading...