onelogin-python-sdk

Official Python SDK for the OneLogin API, enabling you to programmatically manage users, roles, groups, and authentication in your OneLogin instance.

For more information about the OneLogin API, visit the OneLogin API Documentation.

Support

OneLogin by One Identity open source projects are supported through OneLogin GitHub issues. This includes all scripts, plugins, SDKs, modules, code snippets or other solutions. For assistance with any OneLogin by One Identity GitHub project, please raise a new Issue on the OneLogin GitHub issues page. Requests for assistance made through official One Identity Support will be referred back to GitHub where those requests can benefit all users.

Requirements

• Python 3.7+
• Dependencies:
  • Pydantic 2.11+ (latest version)
  • urllib3 2.0.2+
  • python-dateutil 2.5.3+
  • aenum 3.1.11+

Installation & Usage

pip install

You can install directly using pip:

pip install onelogin

For development and testing, install with test dependencies:

pip install onelogin[test]

Then import the package:

import onelogin

Tests

First, install the package with test dependencies:

pip install -e .[test]

Then run the tests:

pytest

Getting Started

Please follow the installation procedure and then run the following:

import os
import onelogin
from onelogin.rest import ApiException
from pprint import pprint

# Set up configuration
# Replace 'your-subdomain' with your actual OneLogin subdomain
configuration = onelogin.Configuration(
    host = "https://your-subdomain.onelogin.com"
)

# Set your API credentials
# Use environment variables to avoid hardcoding credentials
# IMPORTANT: Use ONELOGIN_CLIENT_ID and ONELOGIN_CLIENT_SECRET for your environment variables
configuration = onelogin.Configuration(
    username = os.environ["ONELOGIN_CLIENT_ID"],
    password = os.environ["ONELOGIN_CLIENT_SECRET"]
)

# Enter a context with an instance of the API client
with onelogin.ApiClient(configuration) as api_client:
    # Create an instance of the API class
    token_instance = onelogin.OAuth2Api(api_client)
    generate_token_request = {"grant_type":"client_credentials"} # GenerateTokenRequest | Request Body to Generate OAuth Token
    content_type="application/json"
    try:
        # Generate and Save Access Token
        api_response = token_instance.generate_token(generate_token_request, content_type=content_type)
        configuration.access_token = api_response.access_token
        print(configuration.access_token)
    except Exception as e:
        print("Exception when generating access token: %s\n" % e)

    user_instance = onelogin.UsersV2Api(api_client)
    try:
        # List Users
        api_response = user_instance.list_users2()
        print("The response of UsersV2Api->list_users:\n")
        pprint(api_response)
    except Exception as e:
        print("Exception when calling UsersV2Api->list_users: %s\n" % e)

Authentication

OAuth2

OneLogin API uses OAuth2 for authorization. Your client credentials (Client ID and Client Secret) are used to request an access token, which is then used for subsequent API calls.

Available Scopes

The OneLogin API supports the following scopes:

• Authentication Only: Access to authentication endpoints only (Verify Factor, Generate SAML Assertion, Create Session Login Token, Log User Out)
• Read Users: Access to GET calls for User, Role, and Group API resources
• Manage Users: Access to GET, POST, PUT, and DELETE calls for User, Role, and Group API resources (except password management and role assignment)
• Manage All: Full access to all API resources, including password management and role assignment
• Read All: Read-only access to all API resources

You can set up your API credentials with appropriate scopes in the OneLogin portal under Security > API Credentials.

Troubleshooting

ImportError with Pydantic

If you encounter an error like ImportError: cannot import name validate_call from pydantic, make sure you have Pydantic 2.11+ installed:

pip install pydantic>=2.11.0

Environment Variable Names

Make sure to set your environment variables using the names expected by your code:

export ONELOGIN_CLIENT_ID="your-client-id"
export ONELOGIN_CLIENT_SECRET="your-client-secret"

API Connection Issues

If you're having trouble connecting to the API, double-check:

• Your OneLogin subdomain is correct in the host URL
• Your API credentials have the correct scopes for the operations you're trying to perform
• Your network can reach the OneLogin API endpoints

Release Process (Maintainers)

To create a new release and publish to PyPI:

1. Go to the Releases page in GitHub
2. Click "Draft a new release"
3. Click "Choose a tag" and create a new tag following semantic versioning (e.g., v3.2.3)
4. Set the release title and description (you can use "Generate release notes" for automatic changelog)
5. Click "Publish release"

The release workflow will automatically:

• Extract the version from the tag (e.g., v3.2.3 → 3.2.3)
• Update version in pyproject.toml and __version__ in onelogin/__init__.py
• Build the Python package (sdist and wheel)
• Publish to PyPI using the configured PYPI_API_TOKEN

That's it! The entire release process is automated from a single GitHub Release creation.