
Integrating OneLogin OpenID Connect

How to integrate OneLogin OpenID Connect with Ezeelogin Jumpserver?


Overview: This article will help the super admin user to integrate OneLogin OpenID Connect with the Ezeelogin jump server.

OpenID Connect is an authentication mechanism for web applications. Because it is based on web protocols, it cannot be used for user authentication over SSH.



Step 1: Log in to OneLogin and click on Add App under Applications.

Step 2: Search for oidc and select OpenID Connect (OIDC).

Step 3: Change the Display Name and Save it.

Step 4: Log in to the web panel, navigate to Settings > OpenID Connect, copy the Redirect URL, and add it to the redirect URLs in OneLogin.

Additionally, modify the last part of the OIDC URL by changing "oidc" to "login", and enter the resulting URL in the Login Url field.
(e.g., change https://192.168.0.110/ezlogin/index.php/auth/oidc to https://192.168.0.110/ezlogin/index.php/auth/login)

Save the changes after adding the URL.

Step 5: Click on Show client secret under SSO.

Step 6: Copy the Client ID, Client Secret, and Issuer URL and paste them into the web panel under the OpenID Connect menu parameters.

Step 7: Select the Users tab and click on New User, then provide the first name, last name, username, and email, and save the user.

Step 8: Select Applications tab from the left panel and click on the add icon to map the application to the user.

Step 8(A): Select the application from drop-down and click continue to save the application.

Step 9: Change Web panel Authentication to OpenID Connect from Ezeelogin GUI > Settings > General > Authentication and Save it.

Step 9 (A): Enable Auto Create User in the Ezeelogin GUI by going to Settings > General > Security.

Step 10: Log in to the web panel again with OpenID Connect authentication.

Step 11: After logging in, set a new password and security code under Account > Password.

After setting the new password and security code, try logging in using the updated credentials.


How to add scope from OneLogin OpenID Connect to Ezeelogin jumpserver?

Step 1: Navigate to Developers > API Access Management.

Step 2: Click on Add API.

Step 3: Provide the mentioned details. (Enter the redirect URL from the gateway server under Resource Identifier and Audiences.)

Step 4: Under Scope > Add Scope.

Step 5: Enter the scope details and Save it.

Step 6: Navigate to Claims > Add Claim > Enter claim details and Save it.

Step 7: Click on Clients > Add client > Select the Application > Next.

Select the scopes you would like to assign and Save it.

Step 8: Log in to Ezeelogin, go to OIDC advanced settings, add the scopes separated by spaces, and save the settings.

This feature is only available from Ezeelogin version 7.41.0.
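A pre-flight check for the values entered in Step 4 and Step 6 of the integration and Step 8 of the scope procedure, as an added example that is not Ezeelogin or OneLogin code. The function names, the sample issuer and the discovery document are assumptions; in practice the discovery document is the JSON served at the issuer's /.well-known/openid-configuration path.

```python
from urllib.parse import urlsplit

def login_url_from_redirect(redirect_url):
    """Step 4: replace the final path segment "oidc" with "login"."""
    base, _, last = redirect_url.rstrip("/").rpartition("/")
    if last != "oidc":
        raise ValueError("redirect URL does not end in /oidc: " + redirect_url)
    return base + "/login"

def check_settings(redirect_url, issuer_url, discovery_doc, scopes_field):
    """Return a list of problems in the values pasted into the web panel."""
    problems = []
    for name, url in (("Redirect URL", redirect_url), ("Issuer URL", issuer_url)):
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.netloc:
            problems.append(f"{name} is not an absolute https URL: {url!r}")
    # OIDC Discovery requires the metadata "issuer" to match the configured
    # issuer exactly, so a trailing slash counts as a mismatch.
    if discovery_doc.get("issuer") != issuer_url:
        problems.append(
            f"Issuer URL {issuer_url!r} differs from discovery issuer "
            f"{discovery_doc.get('issuer')!r}")
    # Scope procedure, Step 8: scopes are separated by spaces.
    scopes = scopes_field.split()
    if any("," in s or ";" in s for s in scopes):
        problems.append("Scopes must be separated by spaces, not commas")
    dupes = sorted({s for s in scopes if scopes.count(s) > 1})
    if dupes:
        problems.append("Duplicate scopes: " + " ".join(dupes))
    return problems

# Constructed sample values; only the redirect URL comes from the article.
REDIRECT = "https://192.168.0.110/ezlogin/index.php/auth/oidc"
ISSUER = "https://example.onelogin.com/oidc/2"
DISCOVERY = {"issuer": "https://example.onelogin.com/oidc/2"}

if __name__ == "__main__":
    print("Login Url:", login_url_from_redirect(REDIRECT))
    for p in check_settings(REDIRECT, ISSUER + "/", DISCOVERY, "openid,profile email"):
        print("PROBLEM:", p)
```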


Related Articles:

Integrate OneLogin SSO with JumpServer.