5.0
OneLogin
Map groups to Lenses
Groups are case-sensitive and mapped to roles, by name, with OneLogin
Integrate your user roles with Lenses using the Keycloak role names. Create a group in Lenses using the same case-sensitive role name as in OneLogin.
For example, if the Engineers role is available in OneLogin, create a group with the same name:

The above group will match all the users with the equivalent OneLogin roles:

To learn how to use data centric permissions for users and service accounts check the help center .
Setup OneLogin IdP
Lenses is available in the OneLogin Application catalog.
Visit OneLogin’s Administration console. Select Applications > Applications > Add App
Add Lenses via the Application Catalog

- Search and select
Lenses
- Optionally add a description and click save

Configure endpoints
- In the Configuration section set the base path from the url of the Lenses installation e.g.
lenses-dev.example.com
( without thehttps://
) - Click Save

Download IdP XML metadata
Download the Metadata XML file with the OneLogin IdP details.
- Use the More Actions button
- Click and download the SAML Metadata
- Reference this file’s path in the
security.conf
configuration file.
lenses.security.saml.idp.metadata.file=<path_to_file>

See all SSO options .