Sync with OneLogin
This article will help you get started using Directory Connector to sync users and groups from your OneLogin directory to your Bitwarden organization.
Directory Connector requires knowledge of OneLogin-generated API credentials to connect to your directory. Complete the following steps to create and obtain API credentials for use by Directory Connector:
From your OneLogin Administration portal (
https://yourdomain.onelogin.com/admin), select to Developers → API Credentials from the navigation menu.Select the New Credential button and give your credential a Bitwarden-specific name (for example,
bitwarden-dc).Select the Read Users radio button to give read permission for user fields, roles, and groups, and select Save.
Copy the generated Client ID and Client Secret. You may return to view these at any time.
Complete the following steps to configure Directory Connector to use your OneLogin directory:
Open the Directory Connector desktop app.
Navigate to the Settings tab.
From the Type dropdown, select OneLogin.
The available fields in this section will change according to your selected type.
Enter the Client ID and Client Secret obtained from OneLogin.
From the Region dropdown, select your region.
Tipp
When you're finished configuring, navigate to the More tab and select the Clear Sync Cache button to prevent potential conflicts with prior sync operations. For more information, see Clear Sync Cache.
Complete the following steps to configure the settings used when syncing using Directory Connector:
Open the Directory Connector desktop application.
Navigate to the Settings tab.
In the Sync section, configure the following options as desired:
Option | Description |
|---|---|
Interval | Time between automatic sync checks (in minutes). |
Remove disabled users during sync | Check this box to remove users from the Bitwarden organization that have been disabled in your directory. |
Overwrite existing organization users based on current sync settings | Check this box to always perform a full sync and remove any users from the Bitwarden organization if they are not in the synced user set. |
More than 2000 users or groups are expected to sync | Check this box if you expect to sync 2000+ users or groups. If you don't check this box, Directory Connector will limit a sync at 2000 users or groups. |
If a user has no email address, combine a username prefix with a suffix value to form an email | Check this box to form valid email options for users that do not have an email address. Users without real or formed email addresses will be skipped by Directory Connector. Formed Email = |
Email Suffix | A string ( |
Sync users | Check this box to sync users to your organization. |
User Filter | See Specify sync filters. |
Sync groups | Check this box to sync groups to your organization. Checking this box will allow you to specify Group Filters. Please be aware, Directory Connector uses OneLogin |
Group Filter | See Specify sync filters. |
Use comma-separated lists to include or exclude from a sync based on user email or group.
Hinweis
Directory Connector will create Bitwarden groups based on OneLogin Roles, not OneLogin Groups.
User filters
To include or exclude specific users from a sync based on email address:
include:joe@example.com,bill@example.com,tom@example.com
exclude:joe@example.com,bill@example.com,tom@example.com
Group filters
Hinweis
Syncing nested groups is not supported by OneLogin.
To include or exclude groups from a sync based on OneLogin roles:
include:Role A,Role B
exclude:Role A,Role B
Tipp
Before testing or executing a sync, check that Directory Connector is connected to the right cloud server (e.g. US or EU) or self-hosted server. Learn how to do so with the desktop app or CLI.
To test whether Directory Connector will successfully connect to your directory and return the desired users and groups, navigate to the Dashboard tab and select the Test Now button. If successful, users and groups will be printed to the Directory Connector window according to specified sync options and filters:
Once sync options and filters are configured as desired, you can begin syncing. Complete the following steps to start automatic sync with Directory Connector:
Open the Directory Connector desktop app.
Navigate to the Dashboard tab.
In the Sync section, select the Start Sync button.
You may alternatively select the Sync Now button to execute a one-time manual sync.
Directory Connector will begin polling your directory based on the configured sync options and filters.
If you exit or close the application, automatic sync will stop. To keep Directory Connector running in the background, minimize the application or hide it to the system tray.