OneLogin - ADC Upgrade

Introduction

Occasionally, OneLogin makes a new ADC Agent available. This article covers the process for upgrading an agent.

Intended Audience

Clients who have ADC software installed on servers that are not managed by Expedient. If there are multiple ADCs connecting to different domains, each one must be reviewed and upgraded.

Prerequisites

Download the installer

The latest version can be found at https://download.expedient.com/OneLogin

Username: expedient

Password: publ1c

Find Servers Running ADC

If you are unsure which server is running the OneLogin ADC agent, a search can be done from any Domain Controller.

  1. Basic domain server search (may take a while if there are a lot of domain members):

    1. Get-ADComputer -Filter { Enabled -eq $true } | ? { Get-Service -ComputerName $_.Name -DisplayName OneLogin* } | select Name

  2. If there is a large number of domain servers, you may need to add additional filters:

    1. ... { Enabled -eq $true -and Name -like "*partialhostname*" } ...

Ensure Credentials are Known

The ADC connects to Active Directory with domain credentials. If there are multiple ADCs connected to a single domain, they should use the same credentials.

Review the Config file

Any customizations made to the agent can be found in the following file:

C:\Program Files (x86)\OneLogin, Inc\OneLogin Active Directory Connector\ConnectorService.exe.config

Customizations, if any, are in the applicationSettings XML leaf. If the .config file has been customized, make a copy of it. These customizations will need to be copied from the old config file to the new one during the upgrade.

Upgrade Process

  1. Run the new Installer (.msi file)

  2. Enter the Installation Token from the ADC page in OneLogin portal

    1. Each ADC has a unique Installation Token

  3. Select Use Existing Account

  4. Keep the default port, 8080

  5. Select the US shard

  6. Install

  7. Because ADC is running, it will ask to stop and restart the service

  8. Wait for the installation to complete

  9. Confirm in OneLogin portal that the ADC is showing the new version and is healthy

    1. Wait the FULL 15 minutes for the ADC to complete the first sync

If Upgrade option fails, Uninstall and Reinstall

  1. Open Control Panel > Uninstall a program

  2. Uninstall OneLogin Active Directory Connector

  3. Wait for uninstall to complete

  4. Move the C:\ProgramData\OneLogin, Inc folder to a temporary staging folder in case of an issue

  5. Run the .msi installer from ADC folder

  6. Enter the Installation Token

  7. Enter the service account credentials

  8. Wait for the installation to complete

  9. If there are customizations to be made to the config file:

    1. Stop the ADC service

    2. Make a copy of the existing new config file in case a reversion is necessary

    3. Copy the XML sections over from the old config file to the new config file

      1. Double-check that the customizations are being placed in the correct XML leaf

    4. Start the ADC service

  10. Review the portal for the health of the ADC

    1. It may take a few 15-minute sync cycles before it is showing healthy and the correct ADC version

    2. Double-check that the instance shows the server name. The Name and/or the Hostname or IP field can be edited to hold the name of the server hosting the instance

  11. There is a log under Event Viewer. If the domain has any trusts, this log will show a few errors because the service account does not have permissions to the other domains.
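
One way to check the config-file step after an upgrade or reinstall, as an added PowerShell example (not OneLogin's or Expedient's tooling): it compares the settings under applicationSettings in the saved copy of ConnectorService.exe.config with those in the newly installed file. The function name, the temporary file names, and the sample section and setting names are assumptions made for illustration.

```powershell
# Added example, not OneLogin or Expedient code.
# Lists every <setting> under <applicationSettings> that differs between two .NET config files.
function Compare-AdcSetting {
    param(
        [Parameter(Mandatory)][string]$OldConfig,  # copy saved before the upgrade
        [Parameter(Mandatory)][string]$NewConfig   # file written by the new installer
    )
    $read = {
        param($Path)
        $map = @{}
        $xml = [xml](Get-Content -LiteralPath $Path -Raw)
        foreach ($s in $xml.SelectNodes('//applicationSettings//setting')) {
            # Key on "section/name" so a value pasted into the wrong section is reported.
            # InnerXml keeps the <value> markup, so XML-serialized settings compare exactly.
            $map["$($s.ParentNode.LocalName)/$($s.GetAttribute('name'))"] = $s.InnerXml.Trim()
        }
        $map
    }
    $old = & $read $OldConfig
    $new = & $read $NewConfig
    foreach ($key in (@($old.Keys) + @($new.Keys) | Sort-Object -Unique)) {
        if     (-not $new.ContainsKey($key)) { $state = 'MissingInNew' }
        elseif (-not $old.ContainsKey($key)) { $state = 'OnlyInNew' }
        elseif ($old[$key] -ne $new[$key])   { $state = 'Changed' }
        else   { continue }                  # identical in both files, nothing to report
        [pscustomobject]@{ Setting = $key; State = $state; Old = $old[$key]; New = $new[$key] }
    }
}

# Constructed sample files; the section and setting names are placeholders, not real ADC settings.
$template = @'
<configuration><applicationSettings><Example.Settings>
  <setting name="ExampleTimeout" serializeAs="String"><value>{0}</value></setting>{1}
</Example.Settings></applicationSettings></configuration>
'@
$custom  = '<setting name="ExampleFlag" serializeAs="String"><value>True</value></setting>'
$oldPath = Join-Path $env:TEMP 'adc-old.config'
$newPath = Join-Path $env:TEMP 'adc-new.config'
Set-Content -LiteralPath $oldPath -Value ($template -f '120', $custom)
Set-Content -LiteralPath $newPath -Value ($template -f '30', '')

# Report what the new file dropped or reset relative to the saved copy.
Compare-AdcSetting -OldConfig $oldPath -NewConfig $newPath | Format-Table -AutoSize
```

For a real upgrade, pass the path of the saved copy as -OldConfig and the installed ConnectorService.exe.config as -NewConfig; run it again after copying the customizations over to confirm that only intended differences remain.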