5.0
OneLogin
Map groups to Lenses
Groups are case-sensitive and mapped to roles, by name, with OneLogin
Integrate your user roles with Lenses using the Keycloak role names. Create a group in Lenses using the same case-sensitive role name as in OneLogin.
For example, if the Engineers role is available in OneLogin, create a group with the same name:
![OneLogin SAML Kafka user groups](./onelogin-saml-user-group.png)
The above group will match all the users with the equivalent OneLogin roles:
![Okta SAML Kafka roles](./saml-onelogin-onelogin-role.png)
To learn how to use data centric permissions for users and service accounts check the help center .
Setup OneLogin IdP
Lenses is available in the OneLogin Application catalog.
Visit OneLogin’s Administration console. Select Applications > Applications > Add App
Add Lenses via the Application Catalog
![OneLogin Lenses.io application](./saml-onelogin-lenses-connector.png)
- Search and select
Lenses
- Optionally add a description and click save
![OneLogin SAML setup logo](./saml-onelogin-logos-setup.png)
Configure endpoints
- In the Configuration section set the base path from the url of the Lenses installation e.g.
lenses-dev.example.com
( without thehttps://
) - Click Save
![OneLogin SAML config](./saml-onelogin-saml-config.png)
Download IdP XML metadata
Download the Metadata XML file with the OneLogin IdP details.
- Use the More Actions button
- Click and download the SAML Metadata
- Reference this file’s path in the
security.conf
configuration file.
lenses.security.saml.idp.metadata.file=<path_to_file>
![OneLogin SSO Metadata XML](./saml-onelogin-idp-metadata.png)
See all SSO options .