Drupal OneLogin Single Sign-On (SSO) Integration using OAuth / OpenID connect
Drupal Onelogin SSO integration will allow the users to log in to the Drupal site using the Onelogin Credentials.
This SSO integration is achieved by the miniOrange OAuth Client module
which uses the OAuth 2.0 and OpenID Connect
(OIDC) Protocol. This module is compatible with Drupal 7, Drupal 8, Drupal 9, as well as Drupal 10.
In this document, we will help you to configure the single Sign-on login using the OAuth protocol between the Drupal
site and the Onelogin.
After installing the module, navigate to the Configuration -> miniOrange OAuth Client
Configuration -> Configure OAuth tab and select Onelogin from the
Select Application dropdown list.
Copy the Callback/Redirect URL and keep it handy.
Note:- If you have an HTTP Drupal site, and Onelogin enforces the HTTPS Redirect URI. Please navigate
to the Sign In Settings tab of the module and set the base URL of the site with HTTPS in
the Base URL text field.
Enter the application name in the Display Name text field. For example, Onelogin
Configure OAuth/OpenID SSO Application in Onelogin:
Navigate to Applications and select Applications on hover.
Click on the Add App button.
In the search box, enter OpenId Connect and click on the OpenId Connect (
By default, the Display Name is pre-filled with OpenId Connect (OIDC). Please
Enter an appropriate display name, scroll to the bottom, provide a Description, and click on
the Save button.
From the left navigation panel, click on the Configuration.
Paste the copied Callback/Redirect URL into the Redirect URI's text field and
click on the Save button.
Integrating Drupal with Onelogin:
Navigate to the OneLogin portal.
From the left navigation panel, click on the SSO tab.
From the Enable OpenID Connect section copy the Client ID.
Navigate to the Drupal site and paste the copied Client ID into the respective text field.
Navigate back to the OneLogin portal and click on the Show client secret link. Copy the
Head back to the Drupal site, and paste the copied Client Secret into the Client
Secret text field.
Please find the OneLogin Scope and Endpoints from the table below:
Access Token Endpoint
In the Endpoint URLs replace ‘’ with the OneLogin subdomain.
The 'Send Client ID and Secret in Header or Body' checkbox allows you to specify whether the Client ID and
Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which option
to select, you can stick with the default settings.
Click on the checkbox to Enable Login with OAuth, scroll down, and click the Save
How to Assign Users in the OneLogin Application:
Go to the Onelogin Dashboard.
Navigate to the Users tab in the top menu and select Users on hover.
Search for users in the search box, and then select the user to whom you want to grant access.
From the left navigation menu, click on the Applications.
Under Applications, click the Plus (+) sign button.
On the popup, select the application from the dropdown list for which you want to enable SSO for that assigned user, and then click the Continue button.
On the next screen, check the box to Allow the user to sign in and then click on the Save button.
The user has been assigned to your application.
Test connection between Drupal and OneLogin:
Navigate to the Drupal site and click on the Perform Test Configuration button.
On a Test Configuration popup, if you don't have an active session in OneLogin on the same browser, you'll be prompted to sign in to OneLogin. Once successfully logged in, you'll receive a list of attributes retrieved from OneLogin.
Scroll down and click on the Configure Attribute / Role Mapping button.
On the Attribute & Role Mapping tab, please select the attribute under which the email of the user is received from the Email Address drop-down menu. Similarly, you can select the suitable option from the Name Attribute drop-down menu.
Scroll to the bottom and click on the Save Configuration button.
Please note: Mapping the Email Attribute is mandatory for Single Sign-On.
Congratulations! You have successfully configured OneLogin as OAuth/OpenID Provider and Drupal as an
How to perform
Now, open a new browser/private window and go to your Drupal site login page.
Click on the Login using the Onelogin link to initiate the SSO from Drupal.
If you want to add the SSO link to other pages as well, please follow the steps given in the image below:
If you face any issues during the configuration or if you want some additional features, please contact us at firstname.lastname@example.org.
After I click on the logout in Drupal, it sends me back to
the Drupal homepage. However, when I try to login with other user, it doesn’t ask me to login but
automatically logs me in with same user
The logout functionality you’ve mentioned here is the default
behavior of a module. It’s logging you out of Drupal but not from your Application/Provider.
To allow the module to logout from your provider/application account (what you are looking for), you
need to make the below configurations: [know more]
I purchased the paid Drupal module and replaced it with
the free module, but still I am not able to use paid features.
As you have upgraded to one of our paid versions of the
Drupal module and replaced the free module with the paid one, you must first activate the paid
module. Please refer to the below steps. [Know more]
miniOrange has successfully catered to the use cases of 400+ trusted customers with its highly
flexible/customizable Drupal solutions. Feel free to check out some of our unique case studies using
Feel free to explore other Drupal solutions that we offer here. The
popular solutions used by our trusted customers include Two Factor Authentication - 2FA, Website
Security, REST & JSON API Authentication, User Provisioning and Sync.
If you dont hear from us within 24 hours, please feel free to send a follow up email to email@example.com
This privacy statement applies to miniorange websites describing how we handle the personal
When you visit any website, it may store or retrieve the information on your browser, mostly in the
form of the cookies. This information might be about you, your preferences or your device and is
mostly used to make the site work as you expect it to. The information does not directly identify
you, but it can give you a more personalized web experience.
Click on the category headings to check how we handle the cookies.
Strictly Necessary Cookies
Necessary cookies help make a website fully usable by enabling the basic functions like site
navigation, logging in, filling forms, etc. The cookies used for the functionality do not store any
personal identifiable information. However, some parts of the website will not work properly without
These cookies only collect aggregated information about the traffic of the website including -
visitors, sources, page clicks and views, etc. This allows us to know more about our most and least
popular pages along with users' interaction on the actionable elements and hence letting us improve
the performance of our website as well as our services.