OneLogin
Setting Up Directory Sync
Create OneLogin Credentials
In order for Pomerium to validate group membership, we'll also need to configure API Credentials in OneLogin.
From the Administration dashboard, navigate to Developers → API Credentials and select New Credential.
Name the new credential and give it "Read users" access:
A Group's ID will be used to affirm a user's group membership.
Configure Pomerium Enterprise Console
Under Settings → Identity Providers, select "Onelogin" as the identity provider and set the Client ID and Client Secret.