Once configured, users can sign in to Kadence using their OneLogin credentials—without needing a separate password.

🛠️ Prerequisites

Before setting up OneLogin SSO, make sure that:

You have an active OneLogin licence
You are a Global Admin in Kadence
You have access to a OneLogin Admin account, or support from your OneLogin administrator

To log in via OneLogin SSO, users must have a Kadence account with the same email address as their OneLogin user account.

⚙️ Supported Features

The Kadence–OneLogin integration supports:

IdP-initiated SSO (users start in OneLogin)
SP-initiated SSO (users start on the Kadence login page)

🔧 Step 1: Add Kadence to OneLogin

Sign in to your OneLogin Admin portal as a Superuser or Account Owner
Click Administration
Navigate to Applications → Applications
Click Add App
Search for Kadence and select it

Configure the application

Enter a Kadence SSO Alias
- Use lowercase letters and numbers only
- Example: Company name “Bellyard Coffee” → bellyard or bellyardcoffee
Click Save

📌 Keep a note of your SSO alias — you’ll need it later.

Once saved, the Info tab will appear in the application menu.

🔑 Step 2: Find Your OneLogin Client ID, Secret & Issuer URL

You’ll now collect the details required to complete setup in Kadence.

In the OneLogin Admin portal, go to Administration → Applications → Applications
Select your Kadence application
Open the SSO tab
Under Enable OpenID Connect, copy:
- Client ID
- Client Secret
- Issuer URL
Click Save

💡Store these values temporarily in a plain-text editor (e.g. Notepad).

🔒 Step 3: Enforce Single Sign-On (Optional)

To fully enforce SSO and prevent users from bypassing OneLogin by setting or resetting passwords, we strongly recommend blocking specific automated Kadence emails before or during rollout.

If you do not wish to enforce SSO and want your users to be able to login without SSO, skip to Step 4.

🛑 Block “Welcome to Kadence” Emails

When users are provisioned, Kadence may send a welcome email prompting them to set a password. Blocking this ensures users only access Kadence via SSO.

Block or filter emails from: [email protected]

Filter by subject line: Welcome to Kadence

Do not block all emails from this address. Other critical notifications (such as check-in reminders and booking confirmations) are also sent from this domain.

🔐 Block Password Reset Emails (SSO Recommended)

If your organisation uses Single Sign-On, blocking password reset emails prevents users from bypassing SSO authentication.

Block or filter emails from: [email protected]

Filter by subject line: Reset your password

Do not block all emails from this address. Blocking only this subject ensures SSO remains enforced while preserving essential notifications.

🔄 When should I apply these blocks?

We recommend applying these email filters:

Before enabling SSO, or
Before syncing users into Kadence, especially via Directory Sync

This ensures users only authenticate using OneLogin from day one.

🔗 Step 4: Enable OneLogin SSO in Kadence

Now connect OneLogin and Kadence.

Log in to Kadence
Navigate to Settings → Integrations
Under Single Sign-On (SSO), select OneLogin
Click Set up single sign-on
Enter the following:
- Client ID
- Client Secret
- Issuer URL
- Kadence SSO Alias
Click Add

If successful, you’ll see a confirmation message at the top of the screen.

🔐 Step 5: Logging in with OneLogin SSO

Once OneLogin is integrated, users can log in by:

Navigating to https://login.onkadence.co
Clicking the OneLogin icon under the login form
Entering their email address
Authenticating via OneLogin
Being redirected back to Kadence

🧯 Troubleshooting & Tips

User email addresses in OneLogin and Kadence must match exactly
You cannot enable OneLogin SSO if another SSO provider (e.g. Okta) is already configured
The Kadence SSO alias must be globally unique
- If your first choice is taken, update it in OneLogin and re-enter it in Kadence