4.0
OneLogin
Map groups to Lenses
Groups are case-sensitive and mapped to roles, by name, with OneLogin
Integrate your user roles with Lenses using the Keycloak role names. Create a group in Lenses using the same case-sensitive role name as in OneLogin.
For example, if the Engineers role is available in OneLogin, create a group with the same name:
The above group will match all the users with the equivalent OneLogin roles:
To learn how to use data centric permissions for users and service accounts check the help center .
Setup OneLogin IdP
Lenses is available in the OneLogin Application catalog.
Visit OneLogin’s Administration console. Select Applications > Applications > Add App
Add Lenses via the Application Catalog
- Search and select
Lenses - Optionally add a description and click save
Configure endpoints
- In the Configuration section set the base path from the url of the Lenses installation e.g.
lenses-dev.example.com( without thehttps://) - Click Save
Download IdP XML metadata
Download the Metadata XML file with the OneLogin IdP details.
- Use the More Actions button
- Click and download the SAML Metadata
- You will reference this file’s path in the
security.confconfiguration file.
lenses.security.saml.idp.metadata.file="/path/to/OneLoginIDPMetadata.xml"
Configure Lenses
Given the
downloaded metadata file and a
keystore
, add the
following configuration to security.conf:
lenses.security.saml.base.url="https://lenses-dev.example.com"
lenses.security.saml.idp.provider="onelogin"
lenses.security.saml.idp.metadata.file="/path/to/OneLoginIDPMetadata.xml"
lenses.security.saml.keystore.location = "/path/to/keystore.jks"
lenses.security.saml.keystore.password = "my_keystore_password"
lenses.security.saml.key.password = "my_saml_key_password"
See all SSO options .