# Authenticate using OneLogin

## `zli v. 6.15.12`

{% hint style="warning" %}
**IMPORTANT**

This `zli` release is *<mark style="color:purple;">**mandatory**</mark>* for all Okta-based BastionZero organizations.

This can be done via:

* `yum update zli` for yum
* `brew upgrade zli` for Homebrew
* `apt update,` followed by an `apt install zli` for apt

This change has no impact on our APIs or web app access.
{% endhint %}

{% hint style="info" %}
**IMPORTANT REMINDER**\ <mark style="color:purple;">**`zli v. 6.14.3`**</mark>\*\* introduces a change to the context name used when connecting to a Kubernetes cluster secured by BastionZero.\*\*\
\
\&#xNAN;**>** **`Bzero-context`** is *no longer used* to connect to your cluster. Instead, all contexts follow a format that includes both the `targetUser` (Kubernetes role) and `targetName` (cluster name): <mark style="color:purple;">`bzero-{targetUser}@{targetName}`</mark>\
\&#xNAN;**>** Each Kubernetes connection creates an additional context entry following the same `bzero-` format mentioned above\
\&#xNAN;**>** `zli generate kubeConfig` is *no longer required* before connecting to a Kubernetes target. Simply run `zli connect {targetUser}@{targetName}`, and the `zli` will update your `kubeconfig` to a new context entry to connect to your target\
\&#xNAN;**>** Before upgrading, adjust any tooling that relies on the former context name, `bzero-context`
{% endhint %}

### New

* **OneLogin authentication support.** The latest `zli` release, `v. 6.14.3`, contains support for authenticating to BastionZero via OneLogin SSO. To set up a OneLogin organization, see our [product docs](https://docs.bastionzero.com/docs/admin-guide/authentication/sso-management) for a step-by-step guide

### Enhancements

* **JIT policy expiration and policy modification.** Improved error messaging is returned to users when their JIT policy expires and/or they have lost access to a target due to policy modification

### Fixes

* **`zli send-logs`.** Resolved issue so `zli send-logs` sends `zli` logs when no daemon logs exist

## `bzero v. 7.5.2`

### New

* **OneLogin support.** This release of `bzero` includes the changes required to support OneLogin authentication support
* **\[Released 21 December] ARM64 bzero agent.** Resolved issue with installing the ARM64 `bzero` agent

### Enhancements

* **JIT policy expiration and policy modification.** This release of `bzero` includes the changes needed to improve error messaging when users' JIT policy expires and/or they have lost access to a target due to policy modification

### Fixes

* **Log level.** Resolved issue with the `-logLevel` flag in both the systemD and Kube agents

## Web app & backend

### New

* **OneLogin groups support.** The latest backend release contains support for [integrating OneLogin groups](https://docs.bastionzero.com/docs/admin-guide/authentication/sso-management) with BastionZero. This capability allows you to create policy using OneLogin groups rather than having to name specific users

### Enhancements

* **SSH connection response.** Improved the SSH connection response to include the target user

### Fixes

* **Onboarding tool.** Resolved issue with the onboarding tool when onboarding a cluster with the same name as a current `offline` cluster
* **BastionZero app on Slack.** Resolved issue preventing the BastionZero app from accepting JIT requests for tunnel or file transfer verbs
* **SSH connections**. Resolved issue with revoking active SSH connections when policy is modified
* **Connect to targets with altered control channel.** Resolved issue with connecting to a target after the control channel has changed AWS availability regions

For questions or to provide feedback on how we can improve our updates, reach out to [<mark style="color:purple;">product@bastionzero.com</mark>](mailto:product@bastionzero.com).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://changes.bastionzero.com/2023/authenticate-using-onelogin.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.