This guide applies to Mac computers
When logging in at the Passport Login Window, the full email address should always be used in the username field to ensure the authentication session is connected to the identity provider and not local authentication. To avoid confusion with using email addresses at the FileVault Login Window, ensure that the Managed user visibility box is unchecked on the Login Window Library Item. You can read more about this in our Passport Compatibility article.
About Passport Troubleshooting with OneLogin
Passport troubleshooting with OneLogin involves resolving authentication issues that occur when using Passport with OneLogin as your identity provider. This guide helps identify and resolve common configuration and authentication problems specific to OneLogin integration.
How It Works
When Passport authentication issues occur with OneLogin, troubleshooting involves checking OneLogin application settings, verifying OIDC configuration, examining authentication flows, and resolving configuration mismatches between Passport and your OneLogin tenant.
Iru Endpoint Passport Diagnostics
If a user can’t log in at the Passport login window, you can bring up Iru Endpoint Passport Diagnostics by pressing Command-Shift-K-L on the keyboard. You will see helpful information, such as error messages from your identity provider (IdP).
Network Connectivity
Passport requires network connectivity to check user credentials against the IdP. When customizing the login window in Passport, show the network manager so users can join a Wi-Fi network as necessary. The network manager respects AirPort security settings in macOS.
Common OneLogin errors
Couldn’t Communicate
Error: Couldn’t communicate with helper application (OneLogin)
Resolution: Make sure the URL is correct in Iru Endpoint.
NOTE: The Issuer URL for OneLogin is https://<subdomain>.onelogin.com/oidc/2/.well-known/openid-configuration
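One way to check the Issuer URL before entering it, as an added example (not Iru's or OneLogin's code): it validates the URL shape from the note above and checks a discovery document against that URL. The tenant `example`, the function names and the sample document are constructed for illustration; the issuer comparison follows the OpenID Connect Discovery rule that `issuer` equals the URL without the `/.well-known/openid-configuration` suffix.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ONELOGIN_PATH = "/oidc/2" + WELL_KNOWN  # path from the NOTE above
REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def check_issuer_url(url):
    """Return problems found in a configured Issuer URL (empty list = OK)."""
    problems = []
    if url != url.strip():
        problems.append("leading or trailing whitespace")
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    sub = host[:-len(".onelogin.com")] if host.endswith(".onelogin.com") else ""
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not sub or "<" in sub:  # wrong domain or placeholder left in place
        problems.append("host must be <subdomain>.onelogin.com")
    if parts.path != ONELOGIN_PATH:
        problems.append("path must be " + ONELOGIN_PATH)
    return problems


def check_discovery(url, body):
    """Check a discovery document (JSON text) fetched from `url`."""
    doc = json.loads(body)
    problems = []
    # OIDC Discovery: issuer must equal the URL minus the well-known suffix.
    if doc.get("issuer") != url[: -len(WELL_KNOWN)]:
        problems.append("issuer does not match the configured URL")
    for key in REQUIRED:
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(key + " missing or not https")
    return problems


# Constructed sample: hypothetical tenant "example", not a real response.
SAMPLE_URL = "https://example.onelogin.com" + ONELOGIN_PATH
SAMPLE_DOC = json.dumps({
    "issuer": "https://example.onelogin.com/oidc/2",
    "authorization_endpoint": "https://example.onelogin.com/oidc/2/auth",
    "token_endpoint": "https://example.onelogin.com/oidc/2/token",
    "jwks_uri": "https://example.onelogin.com/oidc/2/certs",
})

if __name__ == "__main__":
    for u in (SAMPLE_URL, "https://example.onelogin.com/oidc/2"):
        print(u, "->", check_issuer_url(u) or "OK")
    print("discovery ->", check_discovery(SAMPLE_URL, SAMPLE_DOC) or "OK")
```

To check a real tenant, pass the body returned by the discovery URL to `check_discovery` in place of `SAMPLE_DOC`.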