Skip to content
To Legacy DocumentationTo Comet website
Doc version: 2.4.8-alexb

OneLogin

OneLogin Integration

Comet supports OAuth2 authentication from an approved OneLogin application. Once an OneLogin application has been integrated, a specific Comet URL can be used to login.
New users logging in for the first time will automatically have a new user created using onelogin user information. Once logged in the user can perform all actions a normal login provides.

Basic Requirements

Prerequisites Comet Implements an OAuth 2 OpenID Connect Authorization Code Flow through OneLogin. The OneLogin Documentation to setup an Application can be found here.
A sample application has been highlighted below.

Once the Onelogin application is successfully created, go to the Application SSO tab.

Application Settings

On this tab, there are two configurable parameters to set. The Application Type should be set to Web, and the Token Endpoint Authentication Method should be set to Basic

onelogin_app_sso_settings

Once these have been set, head on over to the Application Configuration tab.

onelogin_app_sso_configuration

This tab contains another two configurable parameters to set. The Login URI starts the auth process and must be set to https://company-comet-domain/onelogin-login The Redirect URIs are used to complete the auth process and must be set as follows:

https://company-comet-domain/api/onelogin/oauth_callback/onelogin
https://company-comet-domain/api/auth/logout
The Redirect URIs are callback endpoints that OneLogin uses to send authentication responses and ID tokens. The Logout URI is the location OneLogin will redirect the user after logout by OIDC. If you do not want to redirect after logout you can leave this blank

Applications - SSO This tab contains the ClientID and Client Secret which are used to authenticate the Onelogin Application to Comet.

onelogin_app_sso_secrets

Take note of the credentials as you'll be using these shortly.

Configuring Comet to use Onelogin on Linux installs

Run cometctl aio update-config and set/replace the following variables:

Replace the existing environment_token with the following value: environment_token: onprem-onelogin-auth

Append the following to the end of the file, replacing on_prem_one_login_client_key and on_prem_one_login_client secret with the credentials retrieved from the previous step.

one_login_oauth_enabled: true
on_prem_one_login_client_key: "ClientID"
on_prem_one_login_client_secret: "ClientSecret"

If you're configuring this as part of your installation, you may now run cometctl aio install

Configuring Comet to use Okta on Kubernetes/Helm installs

Set the following variables in your local values.yaml.

frontend:
  environmentToken: "onprem-okta-auth"

backend:
  oneLoginOauthEnabled: true
  oneLoginClientKey: "ClientID"
  oneLoginClientSecret: "ClientSecret"
After setting up those variables you may want to restart your deployment with 
helm upgrade --namespace default -f values.yaml comet-release comet-ml/cometml
Feb. 9, 2024