OneLogin · Capability
OneLogin API
OneLogin REST API for identity and access management. Provides programmatic access to users, roles, apps, MFA, branding, connectors, reports, SAML assertions, smart hooks, and Vigilance AI. Authentication is handled via OAuth 2.0 bearer tokens.
What You Can Do
POST
Generatetoken
— Generate access token
/auth/oauth2/v2/token
POST
Revoketoken
— Revoke access token
/auth/oauth2/revoke
GET
Listusers
— List users
/api/1/users
POST
Createuser
— Create user
/api/1/users
GET
Getuser
— Get user by ID
/api/1/users/{id}
PUT
Updateuser
— Update user by ID
/api/1/users/{id}
DELETE
Deleteuser
— Delete user by ID
/api/1/users/{id}
GET
Getuserapps
— Get apps for a user
/api/1/users/{id}/apps
GET
Getuserroles
— Get roles for a user
/api/1/users/{id}/roles
POST
Assignuserrole
— Assign role to user
/api/1/users/{id}/roles
DELETE
Removeuserrole
— Remove role from user
/api/1/users/{id}/roles/{role_id}
PUT
Setuserpassword
— Set user password
/api/1/users/{id}/password
PUT
Setusercustomattribute
— Set custom attribute
/api/1/users/{id}/custom_attributes
PUT
Setuserstate
— Set user state
/api/1/users/{id}/state
POST
Logoutuser
— Log user out
/api/1/users/{id}/logout
POST
Lockuser
— Lock user account
/api/1/users/{id}/lock
GET
Getroles
— Get roles
/api/1/roles
GET
Listrolesv2
— List roles (v2)
/api/2/roles
POST
Createrole
— Create role
/api/2/roles
GET
Getrole
— Get role by ID
/api/2/roles/{id}
PUT
Updaterole
— Update role
/api/2/roles/{id}
DELETE
Deleterole
— Delete role
/api/2/roles/{id}
GET
Listapps
— List apps
/api/2/apps
POST
Createapp
— Create app
/api/2/apps
GET
Getapp
— Get app by ID
/api/2/apps/{id}
PUT
Updateapp
— Update app
/api/2/apps/{id}
DELETE
Deleteapp
— Delete app
/api/2/apps/{id}
POST
Generatesamlassertion
— Generate SAML assertion
/api/1/saml_assertion
POST
Verifysamlfactor
— Verify factor for SAML
/api/1/saml_assertion/verify_factor
GET
Getotpdevices
— Get available auth factors
/api/1/users/{id}/otp_devices
POST
Enrollfactor
— Enroll auth factor
/api/1/users/{id}/otp_devices
MCP Tools
generatetoken
Generate access token
revoketoken
Revoke access token
listusers
List users
read-only
idempotent
createuser
Create user
getuser
Get user by ID
read-only
idempotent
updateuser
Update user by ID
idempotent
deleteuser
Delete user by ID
idempotent
getuserapps
Get apps for a user
read-only
idempotent
getuserroles
Get roles for a user
read-only
idempotent
assignuserrole
Assign role to user
removeuserrole
Remove role from user
idempotent
setuserpassword
Set user password
idempotent
setusercustomattribute
Set custom attribute
idempotent
setuserstate
Set user state
idempotent
logoutuser
Log user out
lockuser
Lock user account
getroles
Get roles
read-only
idempotent
listrolesv2
List roles (v2)
read-only
idempotent
createrole
Create role
getrole
Get role by ID
read-only
idempotent
updaterole
Update role
idempotent
deleterole
Delete role
idempotent
listapps
List apps
read-only
idempotent
createapp
Create app
getapp
Get app by ID
read-only
idempotent
updateapp
Update app
idempotent
deleteapp
Delete app
idempotent
generatesamlassertion
Generate SAML assertion
verifysamlfactor
Verify factor for SAML
getotpdevices
Get available auth factors
read-only
idempotent
enrollfactor
Enroll auth factor