Documentation
Demos
Support
Blog
Start Free Trial
Search results

OneLogin support for SSO authentication

The Bold BI application supports adding users through the OneLogin provider. By importing them, you can share the dashboards and email exported dashboards with them.

NOTE: This feature is available in Bold BI Embedded Analytics but not in Cloud Analytics Server.

How to register the Bold BI application in OneLogin

This section explains how to perform Single Sign-On for users in OneLogin with the Bold BI application.

NOTE: This configuration needs to be done on the OneLogin website.

Prerequisites

  • An admin account in OneLogin.
  • Install Bold BI application.

Steps to register the Bold BI application

  1. Please log in to the OneLogin website using the admin account.

  2. Click on Applications in the header menu.

    Application page

  3. Click on the Add App button.

    Add Application page

  4. Type the words OpenId Connect or oidc in the search box, and then click on the result.

    Openidconnect

  5. Please enter the application name and then click on Add App.

  6. Save the application name in the Display Name.

    Applicationname

  7. If you wish to use the Bold BI mobile application, please follow the steps outlined above. Finally, click on SSO and update the Application Type to Native. If not, you may proceed as it is.

    Mobile type

  8. Click the Configuration tab and save the Redirect URIs and Login URL. For the Bold BI mobile application, use the Mobile App Redirect URI and use the Redirect URI for the web application.

    Redirect URI

  9. The Redirect URI and Login URL are found under the OpenID Connect settings of your Bold BI application, as shown in the following screenshot.

    Redirecturi in setting

  10. Click on the SSO tab and you will find the Client ID and Client Secret. Use these in the Bold BI application.

    OneLoginClient details

After successfully registering in OneLogin, save these settings on the Bold BI settings page to enable this authentication.

Enable OneLogin support for authentication in Bold BI

Configure the settings in Bold BI as in the following snap to enable the authentication using OneLogin.

OneLogin settings

The fields that need to be saved in Bold BI in order to enable OneLogin for authentication are explained as follows.

Provider Name It represents the name of the authentication provider to be displayed in the login page.
Provider Logo It represents the logo of the authentication provider to be displayed in the login page.
Authorization Endpoint It should be in the format https://subdomain.onelogin.com/oidc/auth
Please refer to the authorization code for more details.
Token Endpoint Method POST
Token Endpoint It should be in the format https://subdomain.onelogin.com/oidc/token
Please refer to the authorization code grant for more details.
User Information Endpoint Method GET
User Information Endpoint It should be in the format https://subdomain.onelogin.com/oidc/me
Please refer user info for more details.
Client ID The Client ID you get after registered the Bold BI application in OneLogin website.
Client Secret The Client Secret you get after registered the Bold BI application in OneLogin website.
Scopes openid, profile, email
Logout Endpoint It is the endpoint in the OneLogin website that signs the user out.
Email This must be the field name in which email will be present when deserializing the token.

Configure OneLogin Group Import Settings in Bold BI

Configure the group import setting in Bold BI using OneLogin, as shown in the image below.

OneLogin Group

To generate the API client credentials, please follow the link: OneLogin API Credentials Guide

We use the client ID and client secret from the API client credentials to obtain a token for accessing the groups API. In order to access OneLogin APIs, we require the Region from the API Domain. Please refer to the image below for the region,

OneLogin Region

Previous
Next