Configure OneLogin to manage your directory of users in Banyan
OneLogin is a leading cloud-based identity management system. Banyan integrates with your organization’s OneLogin account to authenticate enterprise users that need access to Banyan secured services.
In order to set up this integration, you need will need administrative access to OneLogin and the ability to add a new SAML App.
1. In the Banyan Command Center, configure your User Identity Provider
1a. Navigate to Settings > TrustProvider Settings > Identity Provider and then set your User Identity Provider to SAML.
You will fill out these Identity Provider configuration fields after you set up the new application integration in OneLogin.
1b. Take note of the Redirect URL (ACS) provided in the configuration field. You will need it for the steps in OneLogin below.
2. Add a New App in the OneLogin Admin Panel
2a. Log in to your OneLogin Admin Panel.
2b. Navigate to Applications > Add App. Search for and then select SAML Test Connector (Advanced) to add a SAML 2.0 app.
2c. Name the application Banyan TrustProvider and upload our logo.
2d. When asked for ACS (Consumer) URL use the Redirect URL you obtained in Step 1b. Also, set the
ACS (Consumer) URL Validator to
2e. Banyan requires your IDP’s returned SAML assertion to contain attributes can be mapped to a user’s Email, Username, and Groups.
Set the Attribute Mappings as follows:
OneLogin does not transmit its Groups via SAML attributes. Instead, we suggest using the User Roles field to group users.
2f. In the Access section, assign the Banyan TrustProvider application to
To assign the application to
Everyone, complete the following steps:
- Navigate to
- Click on
- Name the New Role, and select the green checkbox
Addand click on
- Click on the newly created Role, and select
- Add all of the relevant Users under this Role
- Click on Save
- To verify that everyone has been assigned to their respective application, complete the following:
- Navigate to
Applications, and select the relevant application
- Click on
Users, and then view all users assigned to this application
Ensure the Banyan TrustProvider SAML app you just created can be accessed by Everyone.
This will allow Banyan to federate authentication of all users in your organization to your SAML IDP.
Note: You still need to apply Policies in the Banyan Command Center to manage which users can access specific internal applications.
2g. Take note of your SSO URL and download the Certificate.
3. Save the OneLogin fields in the Banyan Control Center
3a. Return to the Identity Provider page in the Banyan Control Center (Settings > TrustProvider Settings > Identity Provider).
Ensure the User Identity Provider is set to SAML, and then enter the Banyan TrustProvider App parameters from OneLogin:
- IDP SSO URL (from Step 2g)
- Entity Issuer (Optional) If set, the entity issuer value will override SSO URL as the required audience.
- IDP CA Certificate(from Step 2g)
- Username Attribute: Set to “Username”
- Email Attribute (from Step 2e)
- Groups Attribute (from Step 2e)
- Groups Delimiter: Set to “;”. This ensures OneLogin “User Roles” are correctly converted to Groups by Banyan.
3b. Click Update Identity Provider Config to save the settings.
That’s it! You have successfully integrated OneLogin to manage your directory of users in Banyan.
Last modified: Oct 07, 2021