OneLogin
HockeyStack supports Single Sign-On (SSO) through OneLogin using an Auth0-based enterprise connection with OpenID Connect. Follow the steps below to configure a OneLogin OIDC connection for your organization. Once you share the required identity provider details from OneLogin, HockeyStack will complete the HockeyStack side of the setup.
Prerequisites
You must have administrator access to your OneLogin account with permission to create and manage applications.
You will also need the HockeyStack callback URL and any additional configuration values required for your organization’s Auth0-based setup.
Your users should have email addresses in OneLogin that match the email addresses used for their HockeyStack accounts.
Users must already have HockeyStack accounts before they can sign in via SSO. HockeyStack does not automatically provision new user accounts from OneLogin.
Instructions
Create a OneLogin OpenID Connect application
Sign in to OneLogin as an administrator.
Navigate to the Applications area in OneLogin and create a new OpenID Connect application for HockeyStack.
Enter a descriptive name such as HockeyStack and save the application.
Configure the application settings
Configure the application using the HockeyStack values provided for your organization. This typically includes the HockeyStack Auth0 callback URL as the redirect URI.
Depending on your OneLogin configuration, you may also need to confirm the allowed login or redirect settings for the application.
Collect the OneLogin identity provider details
After the application is created, collect the values HockeyStack will need to complete the connection. For an OIDC-based setup, this typically includes:
Client ID
Client secret
Your OneLogin domain or issuer details
Discovery metadata or OIDC endpoints, if requested
Share the required information with HockeyStack
Send the requested configuration details to the HockeyStack team so the enterprise connection can be completed on the HockeyStack side. For an Auth0-based OIDC connection, the most common handoff is the client ID, client secret, and the relevant OneLogin domain or issuer information.
Assign users to the application
Assign the OneLogin users or groups who should be allowed to sign in to HockeyStack. Use email addresses that match the users’ HockeyStack accounts.
Users who do not already have a HockeyStack account will need to be invited to HockeyStack before they can sign in via SSO.
Test the integration
Once HockeyStack confirms setup is complete:
Go to your HockeyStack login page
Start the OneLogin SSO login flow
Authenticate with a OneLogin user who has been assigned to the HockeyStack application
Verify that the user is redirected into HockeyStack successfully
Note: Once SSO is enabled for your organization, password-based login will be disabled for your users. All users on the domain will be required to sign in through OneLogin.
Troubleshooting
If authentication fails, verify the following first:
The redirect URI matches exactly what HockeyStack provided
The client ID and client secret shared with HockeyStack are from the correct OneLogin application
The user is assigned to the application in OneLogin
The user already has an active HockeyStack account
The user’s email address in OneLogin matches the email address used for HockeyStack
Any issuer or OIDC metadata shared with HockeyStack is from the correct OneLogin application or tenant
Questions?
If you need help configuring OneLogin SSO for HockeyStack, send HockeyStack the application details already collected for your OneLogin OIDC app so the connection can be completed faster.
Last updated