> ## Documentation Index
> Fetch the complete documentation index at: https://www.c1.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Get started with OneLogin application requests

> Follow this guide to get started with self service requests for OneLogin apps.

## Before you begin

To complete this guide, you'll need:

* C1 **Super Administrator** or **Connector Administrator** role
* A OneLogin account

**Estimated time:** 10 minutes

## Step 1: Integrate your OneLogin instance

Start by integrating your OneLogin instance with C1. Use the [OneLogin connector](/baton/onelogin) to sync OneLogin to C1.

Once connected, C1 ingests all of the users, apps, groups, and other entitlements and resources from OneLogin.

## Step 2: Convert an OneLogin app to a managed app

Before managing access to an OneLogin app, you'll need to begin managing it with C1.

<Steps>
  <Step>
    Navigate to **Apps** and click the **Unmanaged apps** tab.
  </Step>

  <Step>
    Find the application you want to enable for self-service or lifecycle management.
  </Step>

  <Step>
    Click **Manage**.
  </Step>
</Steps>

<Tip>
  **Don’t stress.**

  Converting an app from unmanaged to managed in C1 does not change any configuration in the IdP.
</Tip>

Once an application is managed, you can enforce access controls, run user access reviews, and drive lifecycle management for the app.

## Step 3: Configure the app entitlements (optional)

Every managed application in C1 comes with a **Credential** resource. This "access entitlement" is used to manage account level access to application. In OneLogin, at a minimum, this means that the user is assigned to the OneLogin app.

Additionally, applications configured in OneLogin may use groups to SCIM roles and permissions to the connected application. C1 can easily convert these **linked entitlements** into resources and entitlements in your C1 instance.

If groups are assigned to the application in OneLogin, you can convert these linked entitlements from OneLogin into in-app entitlements in the C1 app:

<Steps>
  <Step>
    Click **Entitlements**, then click the **Linked entitlements** icon at the top right corner of the entitlements table (the icon looks like a Venn diagram).
  </Step>

  <Step>
    In the **Linked entitlements** drawer, click the **Setup** tab.
  </Step>

  <Step>
    For each IdP entitlement C1 has identified as linked to the app, choose an action:

    * **Create virtual role**: Set up a new role in the app that will be linked to the IdP entitlement. This role will only exist in C1, and will function as an alias for the IdP entitlement. Your colleagues can request and review the role, which will appear as part of the app, but they will in actuality be requesting or reviewing the IdP entitlement.

    * **Provision access for**: Link the IdP entitlement to an existing entitlement in the app. When your colleagues request or review the app entitlement, they will also be requesting or reviewing the IdP entitlement.

    * **Skip**: Do nothing.
  </Step>

  <Step>
    When you've made all of your selections, click **Save**.
  </Step>
</Steps>

C1 will now create the resources and entitlements in the managed app, and importantly, will set a binding for that entitlement to the OneLogin group (we'll get to bindings later). For now, just know that this allows us to perform magic!

## Step 4: Configure the app and entitlements for self service

Now we'll configure the application and any entitlements we created in Step 3 so they're ready for self-service requests.

<Steps>
  <Step>
    On the app's **Overview** page
  </Step>

  <Step>
    In the **Entitlement management** section, click **Edit** next to **Default config rules**.
  </Step>

  <Step>
    In the configuration rules pane, click the toggle to **Enable configuration rules**.
  </Step>

  <Step>
    If you want to make the app itself requestable, click **Credential** in the selected resources.
  </Step>

  <Step>
    If you want to make the roles or other entitlements you created in Step 3 requestable, select those resource types.
  </Step>

  <Step>
    In the **Access profiles** field, search for and select an access profile. For example, select **Everyone** to make the entitlements requestable by all users.
  </Step>

  <Step>
    Finally, check the box at the bottom of the screen and click **Apply**.
  </Step>
</Steps>

## Step 5: Request your OneLogin app and entitlements

Now we're ready it give it a whirl!

<Steps>
  <Step>
    Click **Requests** and make sure that **App catalog** is selected.
  </Step>

  <Step>
    Find the application you just created.

    If you've made the application requestable, you'll see a **Request** button on the app. If you've made individual entitlements requestable, you'll see those on the app.
  </Step>

  <Step>
    Select the app or an entitlement you want to request, and click **Request**.
  </Step>

  <Step>
    Enter the justification and click **Request**.
  </Step>
</Steps>

## Success!

The request will be auto-approved based on the policy, and you will be provisioned access by assigning you to the application and the correct groups in OneLogin!