Admin ConsoleUser Management

Sync with OneLogin

This article will help you get started using Directory Connector to sync users and groups from your OneLogin directory to your Bitwarden organization.

Create API credentials

Directory Connector requires knowledge of OneLogin-generated API credentials to connect to your directory. Complete the following steps to create and obtain API credentials for use by Directory Connector:

  1. From your OneLogin Administration portal (https://yourdomain.onelogin.com/admin), select to DevelopersAPI Credentials from the navigation menu.

  2. Select the New Credential button and give your credential a Bitwarden-specific name (for example, bitwarden-dc).

  3. Select the Read Users radio button to give read permission for user fields, roles, and groups, and select Save.

  4. Copy the generated Client ID and Client Secret. You may return to view these at any time.

Connect to your directory

Complete the following steps to configure Directory Connector to use your OneLogin directory:

  1. Open the Directory Connector desktop app.

  2. Navigate to the Settings tab.

  3. From the Type dropdown, select OneLogin.

    The available fields in this section will change according to your selected type.

  4. Enter the Client ID and Client Secret obtained from OneLogin.

  5. From the Region dropdown, select your region.

Configure sync options

Tipp

When you're finished configuring, navigate to the More tab and select the Clear Sync Cache button to prevent potential conflicts with prior sync operations. For more information, see Clear Sync Cache.

Complete the following steps to configure the settings used when syncing using Directory Connector:

  1. Open the Directory Connector desktop application.

  2. Navigate to the Settings tab.

  3. In the Sync section, configure the following options as desired:

Option

Description

Interval

Time between automatic sync checks (in minutes).

Remove disabled users during sync

Check this box to remove users from the Bitwarden organization that have been disabled in your directory.

Overwrite existing organization users based on current sync settings

Check this box to always perform a full sync and remove any users from the Bitwarden organization if they are not in the synced user set.

Recommended for OneLogin directories.

More than 2000 users or groups are expected to sync

Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups.

If a user has no email address, combine a username prefix with a suffix value to form an email

Check this box to form valid email options for users that do not have an email address.

 Users without real or formed email addresses will be skipped by Directory Connector.

Formed Email = username + Email Suffix

Email Suffix

A string (@example.com) used to create a suffix for formed email addresses.

Sync users

Check this box to sync users to your organization.

Checking this box will allow you to specify User Filters.

User Filter

See Specify sync filters.

Sync groups

Check this box to sync groups to your organization. Checking this box will allow you to specify Group Filters.

Please be aware, Directory Connector uses OneLogin role values to create Bitwarden groups.


Group Filter

See Specify sync filters.

Specify sync filters

Use comma-separated lists to include or exclude from a sync based on user email or group.

Hinweis

Directory Connector will create Bitwarden groups based on OneLogin Roles, not OneLogin Groups.

User filters

To include or exclude specific users from a sync based on email address:

include:joe@example.com,bill@example.com,tom@example.com
exclude:joe@example.com,bill@example.com,tom@example.com

Group filters

Hinweis

Syncing nested groups is not supported by OneLogin.

To include or exclude groups from a sync based on OneLogin roles:

include:Role A,Role B
exclude:Role A,Role B

Test a sync

Tipp

Before testing or executing a sync, check that Directory Connector is connected to the right cloud server (e.g. US or EU) or self-hosted server. Learn how to do so with the desktop app or CLI.

To test whether Directory Connector will successfully connect to your directory and return the desired users and groups, navigate to the Dashboard tab and select the Test Now button. If successful, users and groups will be printed to the Directory Connector window according to specified sync options and filters:

Test sync results
Test sync results

Start automatic sync

Once sync options and filters are configured as desired, you can begin syncing. Complete the following steps to start automatic sync with Directory Connector:

  1. Open the Directory Connector desktop app.

  2. Navigate to the Dashboard tab.

  3. In the Sync section, select the Start Sync button.

    You may alternatively select the Sync Now button to execute a one-time manual sync.

Directory Connector will begin polling your directory based on the configured sync options and filters.

If you exit or close the application, automatic sync will stop. To keep Directory Connector running in the background, minimize the application or hide it to the system tray.

Make a Suggestion to this Article...*
Email (optional)

Kontaktieren Sie unser Team vom Kundendienst

Für technische Fragen und bei Fragen zu Rechnungen, Produkten und Familien/Premium-Tarifen.

Name*
E-Mail-Adresse Ihres Bitwarden-Kontos*
Verify account email*
Product*
Are you self-hosting?*
Betreff*
Nachricht...*

Cloud-Status

Check status

© 2023 Bitwarden, Inc.NutzungsbedingungenDatenschutzerklärungSitemap