
Using OneLogin’s Embedded API and Launch API in PHP

OneLogin is a great service that allows companies to use single sign-on so their employees or customers can access a multitude of other applications with a single username and password. We are currently using OneLogin to do just that for a client – allowing their customers to sign into their WordPress platform and other linked applications using just OneLogin’s authentication. Once the user is in WordPress, we can use the Embedded API and the Launch API offered by OneLogin to give them a customized portal that uses single sign-on. Here’s how we did it at a high level.

  1. Configure your application and your users in OneLogin. To attach an application to a user, open up your app.onelogin.com interface. In the top tabs, go to “People”. Click “edit” next to the user you wish to add an application for. Then go to the “Apps” tab for that person and click “add app“.
  2. Get the Embedded API security token. This can be found at https://app.onelogin.com/embedding. Check the “Embedding API can be used” checkbox and submit the form. If a token isn’t shown, click “Generate a new token“.
  3. Download and parse the apps XML file from OneLogin. The endpoint for this is https://app.onelogin.com/client/apps/embed2?token={security token}&email={email for requested user}
  4. Use the ID from the parsed XML to create a Launch API link. The URL for a Launch API link is https://app.onelogin.com/launch/{app id}

I built out a reusable class to allow you to skip step three: https://github.com/KerryRitter/OneLogin-Embedded-API-in-PHP. All you need to do is supply your security token to the class, pass the email to the get_apps_for_user() function, and pass your HTML templates to the toHtml() function. The example on that GitHub page will show you how to use this inside of WordPress. Feel free to comment if you have questions or comments.
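Steps three and four above, sketched as an added example (this is not the code from the linked repository). The XML element names `<apps>`, `<app>`, `<id>` and `<name>` and the sample response are assumptions, since the page does not show the response format. The request is built and sent server-side so the security token in the query string never reaches the browser.

```php
<?php
const ONELOGIN_BASE = 'https://app.onelogin.com';

// Step 3 URL: token and email are URL-encoded rather than concatenated raw.
function embed_apps_url(string $token, string $email): string
{
    return ONELOGIN_BASE . '/client/apps/embed2?' . http_build_query(
        ['token' => $token, 'email' => $email], '', '&', PHP_QUERY_RFC3986
    );
}

// Parse the apps XML. LIBXML_NONET blocks network fetches during parsing and
// LIBXML_NOENT is deliberately not passed, so entities are not expanded.
function parse_apps(string $xml): array
{
    $prev = libxml_use_internal_errors(true);
    $doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if ($doc === false) {
        throw new RuntimeException('Apps response is not well-formed XML');
    }
    $apps = [];
    foreach ($doc->app as $app) {      // <app>, <id>, <name> are assumed names
        $id = trim((string) $app->id);
        if (ctype_digit($id)) {        // only numeric ids become launch links
            $apps[] = ['id' => $id, 'name' => trim((string) $app->name)];
        }
    }
    return $apps;
}

// Step 4: Launch API link, escaped for the HTML page it is printed into.
function launch_link(array $app): string
{
    $url = ONELOGIN_BASE . '/launch/' . rawurlencode($app['id']);
    return sprintf('<a href="%s">%s</a>',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($app['name'], ENT_QUOTES, 'UTF-8'));
}

// Constructed sample response, so the example runs offline. In live use:
// $xml = file_get_contents(embed_apps_url($token, $email));
$xml = '<apps><app><id>12345</id><name>Example CRM &amp; Co</name></app>'
     . '<app><id>../logout</id><name>Rejected entry</name></app></apps>';

foreach (parse_apps($xml) as $app) {
    echo launch_link($app), PHP_EOL;
}
```

Only the first sample entry produces a link; the second is dropped because its id is not numeric.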
