Skip to main content

OneLogin Authentication Provider

The Backstage core-plugin-api package comes with a OneLogin authentication provider that can authenticate users using OpenID Connect.

Create an Application on OneLogin

To support OneLogin authentication, you must create an Application:

  1. From the OneLogin Admin portal, choose Applications
  2. Click Add App and select OpenID Connect
    • Display Name: Backstage (or your custom app name)
  3. Click Save
  4. Go to the Configuration tab for the Application and set:
    • Login Url: http://localhost:3000
    • Redirect URIs: http://localhost:7007/api/auth/onelogin/handler/frame
  5. Click Save
  6. Go to the SSO tab for the Application and set:
    • Token Endpoint > Authentication Method: POST
  7. Click Save


The provider configuration can then be added to your app-config.yaml under the root auth configuration:

environment: development
issuer: https://<company>

The OneLogin provider is a structure with three configuration keys; these are found on the SSO tab for the OneLogin Application:

  • clientId: The client ID
  • clientSecret: The client secret
  • issuer: The issuer URL

Adding the provider to the Backstage frontend

To add the provider to the frontend, add the oneloginAuthApi reference and SignInPage component as shown in Adding the provider to the sign-in page.