3 Ways to Update Users in OneLogin

Explore three methods to update users in OneLogin, offering options to manage account changes across your organization at scale
The author of the article Chris Shuptrine
Oct 2025
3 Ways to Update Users in OneLogin

Keeping user records in OneLogin current is a constant chore, new hires, role changes, leavers. If profiles, groups, and mappings drift, SSO breaks and access risk rises.

This guide shows three practical ways to update users: quick edits in the Admin Portal, bulk changes with CSV import, and automation with the OneLogin Users API. You’ll know when to use each, how they scale, and what to watch for.

Table of Contents

Pro Tip: Too long? Ask ChatGPT to summarize →

Use OneLogin’s UI

Here, you’ll use the OneLogin admin UI to update an existing user. This follows the OneLogin Admin Guide for editing users in the console.

Open the user’s profile

  • Sign in to the OneLogin Admin portal.
  • Go to Users, then Users.
  • Search by name, email, or username. You can also filter by status.
  • Click the user’s name to open their profile. OneLogin’s Admin Guide: Users describes this page and its tabs.

Update core profile details

  • On the Profile tab, review what’s editable. If the user is managed by a directory like AD, many fields are read-only and must be changed in the source directory. The profile shows the Directory status so you know where changes must happen.
  • Edit standard fields:
    • First name and Last name
    • Email and Username
    • Title, Department, Manager
    • Phone numbers and Location
  • Keep in mind:
    • Changing Username or Email can affect login and SSO mappings.
    • Required fields must be set before you can save.
    • If you use User Mappings, changes here can trigger new role or app assignments after you save. OneLogin’s Admin Guide: User Mappings covers this behavior.

Adjust access with roles and groups

  • Open the Roles tab to add or remove roles tied to this user. Roles control app access and policies. This aligns with OneLogin’s Admin Guide: Roles.
  • Use the Groups tab if you organize users with groups for policy or app targeting. See OneLogin’s Admin Guide: Groups for how groups interact with policies and access.

Assign or remove applications

  • Go to the Applications tab on the user record.
  • Add an app to grant access, or remove one to revoke access.
  • If you normally assign apps by role or mapping, keep it consistent and avoid one-off direct assignments unless needed. OneLogin’s Admin Guide: Applications explains the tradeoffs.

Review security settings

  • Open the Security tab to handle sign-in and MFA items:
    • Send a password reset email or expire the password now, if the user’s password is managed by OneLogin.
    • Reset or clear MFA devices so the user re-enrolls at next login.
    • Unlock the user if their account is locked.
    • Check Policies or Sessions tabs if you need to view active sessions or confirm which policy applies. OneLogin’s Admin Guide: MFA and Security Policies covers these options.

Save and verify

  • Click Save User. Watch for a success banner.
  • If you changed access, confirm the user can see the right apps on their OneLogin portal.
  • If you updated fields that drive mappings, recheck their Roles and Applications tabs after saving. Mappings are re-evaluated on edit, as noted in OneLogin’s Admin Guide: User Mappings.

Quick troubleshooting tips

  • Fields are read-only: The user is directory-managed. Change the data in your directory, then let it sync.
  • App access looks wrong after save: A mapping or role may have reassigned access. Check the Mappings log on the user or review your mapping rules.
  • User can’t log in after a username change: Verify the Username matches what your authentication policy expects, and update any downstream apps that rely on it.

These steps mirror OneLogin’s Admin Guide topics: Users (Add and Edit Users), Roles, Groups, Applications, User Mappings, and MFA and Security Policies.

Use Torii

Instead of using OneLogin directly, you can leverage Torii, a SaaS Management Platform, to update user in OneLogin. SMPs centralize SaaS subscriptions and integrations in one place, enabling you to programmatically on/offboard users, view subscription details, and more.

Compared to the manual approach in OneLogin, Torii lets you automate the flow so the action runs as soon as a trigger occurs. Triggers might include a new hire, an employee offboarding, or a contract renewal. This saves time when the task needs to be repeated often.

To update user in OneLogin straight from Torii, follow these steps:

1. Sign up for Torii

Contact Torii, and request your free two-week proof-of-concept.

2. Connect your OneLogin account to Torii

Once your account is active, connect OneLogin to Torii (assuming you already have an account). Here are the instructions for the OneLogin integration.

torii onelogin dashboard

3. Create a Torii workflow for OneLogin

Within Torii, create automated workflows to update user in OneLogin. Go to the Workflows tab, define a trigger, then add an action that will update user in OneLogin. From that point on, whenever the trigger is met, OneLogin will be updated.

creating onelogin workflows in torii

Use OneLogin’s API

Here, you’ll use the OneLogin API to update a user. You’ll get an access token, find the user’s ID, send the update, then confirm it worked.

Get an OAuth 2.0 access token

You need a bearer token before calling any user endpoints. Use the right base URL for your region: api.us.onelogin.com or api.eu.onelogin.com. Your API client must have permission to manage users.

Example curl is:

curl -s -X POST "https://api.us.onelogin.com/auth/oauth2/token" \
-H "Content-Type: application/json" \
-H "Authorization: client_id:YOUR_CLIENT_ID, client_secret:YOUR_CLIENT_SECRET" \
-d '{"grant_type":"client_credentials"}'

Save the value of access_token from the response. You’ll pass it as a Bearer token.

Find the user ID you want to update

If you already have the user ID, skip this. If not, search by a unique field like email, username, or external_id.

Example curl is:

curl -s -X GET "https://api.us.onelogin.com/api/2/[email protected]" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Accept: application/json"

From the response’s data array, grab the user’s id.

Send the update with PUT

Send only the fields you want to change. The Users v2 endpoint accepts partial updates. Include custom_attributes if you need to change custom fields.

Example curl is:

curl -s -X PUT "https://api.us.onelogin.com/api/2/users/USER_ID" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-D '{
    "firstname": "Alice",
    "lastname": "Ng",
    "title": "Senior Analyst",
    "department": "Operations",
    "phone": "+1 555 0100",
    "custom_attributes": {
        "cost_center": "1234"
    }
}'

Watch the response: On success, status.type is success and the updated user appears in data[0].

Verify the update

Confirm the change by fetching the user again.

Example curl is:

curl -s -X GET "https://api.us.onelogin.com/api/2/users/USER_ID" \
-H "Authorization: Bearer YOUR_ACCESS_TOKEN" \
-H "Accept: application/json"

Tips for common issues

  • If you get 401:
    • Check the token request, expiration, and that you send Authorization: Bearer YOUR_ACCESS_TOKEN.
  • If you get 404 on update:
    • The user ID is wrong or the user is deleted.
  • If you get 422:
    • A field failed validation. Common cases are duplicate email or username, or an invalid status.
  • If you get 429:
    • You hit a rate limit. Read X-RateLimit-Remaining and retry after X-RateLimit-Reset.

Frequently Asked Questions

You have three ways to update users in OneLogin: quick edits in the Admin portal, bulk CSV import, or automation via the OneLogin Users API (or a SaaS tool like Torii). Choose the method, apply changes, save, and verify access and mappings.

Use the Admin UI for one-off edits, role or app tweaks, and immediate verification. Use CSV for large bulk updates. Use the Users API or Torii when you need repeatable automation, HR integration, or large-scale, programmatic updates.

Obtain an OAuth2 bearer token, search for the user's ID by email/username, send a PUT to /api/2/users/USER_ID with only fields to change (including custom_attributes), then GET the user to verify the update.

Torii centralizes SaaS integrations so you can trigger user updates from HR events, offboarding, or contract changes. Connect OneLogin to Torii, build a workflow trigger and update action, and let Torii automate updates to reduce manual work.

401: check client credentials and Bearer token. 404: verify the user ID and that the user isn't deleted. 422: fix validation errors (duplicate email/username or invalid status). 429: respect rate limits and retry after the reset header.

Check if the user is directory-managed before editing. Avoid changing username/email without validating app mappings, update required fields, save, then re-evaluate mappings, roles, and app access. Finally, test sign-in and app visibility after changes.