--- title: OneLogin API Integration on Truto slug: onelogin category: SSO canonical: "https://truto.one/integrations/detail/onelogin/" --- # OneLogin API Integration on Truto **Category:** SSO **Status:** Generally available ## Unified APIs ### Unified User Directory API - **Activities** — Activities are the actions performed by users in the source application. - **Groups** — Groups are a collection of users in the source application. In some applications, they might also be called Teams. - **Roles** — The Role object represents a role of a User. - **Users** — The User object represents a User. ## How it works 1. **Link your customer's OneLogin account.** Use Truto's frontend SDK; we handle every OAuth and API key flow so you don't need to create the OAuth app. 2. **Authentication is automatic.** Truto refreshes tokens, stores credentials securely, and injects them into every API request. 3. **Call Truto's API to reach OneLogin.** The Proxy API is a 1-to-1 mapping of the OneLogin API. 4. **Get a unified response format.** Every response uses a single shape, with cursor-based pagination and data in the `result` field. ## Use cases - **Automate employee provisioning and deprovisioning across SaaS tools** — HR and IT platforms can sync user lifecycle events with OneLogin to automatically create, suspend, or delete user accounts when employees join, move, or leave an organization — eliminating manual IT work and closing security gaps. - **Sync groups and roles for automatic permission mapping** — SaaS apps selling into mid-market and enterprise need to respect the customer's existing access policies. By pulling OneLogin Groups and Roles via Truto's Unified User Directory API, your product can automatically assign in-app permissions based on the IT admin's source of truth. - **Ingest SSO activity logs for compliance and security monitoring** — Compliance and security posture tools can pull OneLogin Activities to verify MFA enforcement, detect ghost accounts, and generate audit-ready evidence for frameworks like SOC 2 and ISO 27001 — all without asking customers to export CSVs. - **Power identity-aware workflow automation** — ITSM and workflow platforms can read OneLogin's user directory and role assignments to build automations like access request approvals, onboarding checklists, and license reclamation — turning identity data into actionable triggers. ## What you can build - **Real-time user directory sync** — Keep your app's internal user table continuously mirrored with your customer's OneLogin directory, so new hires get instant access and terminated employees are locked out automatically. - **Group-based workspace auto-population** — Automatically add or remove users from in-app teams, channels, or workspaces based on their OneLogin Group membership — no manual admin work required. - **Role-to-permission mapping engine** — Let IT admins map OneLogin Roles to your product's permission tiers (e.g., Admin, Editor, Viewer) so that access control is managed from a single pane of glass. - **Ghost account detection dashboard** — Cross-reference active accounts in your app against OneLogin's user states to surface suspended or deleted users who still have lingering access, helping customers close security gaps. - **SSO activity audit trail** — Pull OneLogin Activities into your product to give customers a searchable log of login events, MFA status changes, and password resets for compliance reporting. - **Automated offboarding workflows** — Trigger license reclamation, data archival, or handoff processes in your app the moment a user is suspended or removed in OneLogin. ## FAQs ### What data can I access from OneLogin through Truto? Truto's Unified User Directory API covers Users, Groups, Roles, and Activities from OneLogin. This lets you sync identity data, map organizational structure, and ingest event logs. Specific tools for OneLogin are built on request — contact Truto to get started. ### How does authentication work for connecting a customer's OneLogin account? OneLogin's REST API uses OAuth 2.0 client credentials for server-to-server access. Truto handles the token lifecycle, so your team doesn't need to manage credential refresh or storage. ### Does Truto handle pagination and rate limits for OneLogin's API? Yes. Truto abstracts away OneLogin's cursor-based pagination and respects its rate limits automatically, so you get complete data sets without writing retry logic or pagination code. ### Can I write data back to OneLogin, or is this read-only? OneLogin's API supports both read and write operations — including creating users, updating user state (active, suspended, deleted), and assigning roles. Truto can support these write operations through the Unified User Directory API; exact write support is configured when the integration is built for your account. ### What types of events are available through OneLogin Activities? OneLogin's event API exposes a wide range of activity types including user_login_success, user_login_failed, password_changed, MFA events, and administrative actions. These are accessible through the Activities model in Truto's Unified User Directory API. ### How quickly can I go live with a OneLogin integration via Truto? Since OneLogin tools are built on request, timelines depend on your specific requirements. However, because Truto's Unified User Directory API already defines the data models for Users, Groups, Roles, and Activities, the integration build is scoped and predictable — typically much faster than building directly against OneLogin's API.