See api-docs Menu

Delegate Authentication

You can use the Create Session Login Token API to delegate authentication of a user to OneLogin, with or without MFA.

When you simply want to authenticate a user in OneLogin (validate their password), you can treat the token returned in the 200 OK - Success message as a confirmation that the user has been authenticated. The session token itself is not used.

Likewise, you can use the 401 - Unauthorized status code to indicate that a user could not be authenticated.

When MFA is required, the Create Session Login Token API works in close conjunction with the Verify Factor API call. When you want to simply authenticate a user in OneLogin and MFA is required, you can just treat the token returned by the Verify Factor API in the 200 OK - Success message as a confirmation that the user has been authenticated.

Likewise, you can use the 401 - Unauthorized status code to indicate that a user could not be authenticated.


Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.

StackOverflow discussions about "[onelogin] user login api"

  • 2
    Votes

    Q: OneLogin session_via_api_token and Chrome

    Asked Nov 14 2016

    I am getting a session token via an ajax call. This in turn calls the API method https://api.us.onelogin.com/api/1/login/auth $.post("onelogin.ashx?action=sessiontoken", data, function (s … is now logged in. session_via_api_token returns response header "Location" with my original page URL. In Chrome the user is not logged in and the response header "Location" is https://app.onelogin.com/login I have a feeling it is a problem with cookies but can't figure out what. Any ideas? …

  • 1
    Votes
    3
    Answers

    Q: onelogin api with php curl 401 unauthorized

    Asked Jul 06 2016

    I have a simple curl request to the onelogin api written in PHP. The request works fine with my parameters from my terminal and I am able to login my user, however the php version I run on server … = "Authorization: bearer: ". $a_token; curl_setopt($ch, CURLOPT_URL, "https://api.us.onelogin.com/api/1/users"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true …

  • 1
    Votes

    A: Accessing Third Party Apps After Creating A Session Via API Token

    Answered Mar 10 2017

    Two ways: If the app supports SP-initiated SAML, just navigate the user to the application and it'll do the whole SAML flow- App redirects to OneLogin - OL authenticates user (because you have a … -for-a-user Take note that you're probably going to want to use the optional flag that makes sure to redirect to your login page, not OL's if you've built a login facade. …

  • 1
    Votes
    1
    Answers

    Q: Accessing Third Party Apps After Creating A Session Via API Token

    Asked Mar 10 2017

    wants: User logs into our website At which point we authenticate the user in our system, and One Login via the api. After the user logs into our dashboard, they can click an link and be redirected to … ://developers.onelogin.com/api-docs/1/oauth20-tokens/generate-tokens I've successfully used the access token to generate a session login token via --> https://developers.onelogin.com/api-docs/1/users/create …

  • 1
    Votes
    4
    Answers

    Q: OneLogin Create Session Login Token API returns status 400 with message: Bad Request

    Asked May 23 2016

    Request: //Get the session token for the specified user, using the token recieved from previous web request WebRequest request = WebRequest.Create("https://api.us.onelogin.com/api/1/login/auth … I am developing a C# application which needs to use the onelogin API to retrieve a session token. I am able to authenticate and and create a token with the following code: WebRequest Authrequest …

Loading...