Configure OneLogin to manage your directory of users in Banyan

This article describes features that are only available in the Banyan Business edition and Banyan Enterprise edition.

OneLogin is a leading cloud-based identity management system. Banyan integrates with your organization’s OneLogin account to authenticate enterprise users that need access to Banyan secured services.

Pre-requisites

To set up this integration, you will need administrative access to OneLogin and the ability to add a new SAML App.

Steps

1. In the Banyan Command Center, configure your User Identity Provider

1a. Navigate to Settings > TrustProvider Settings > Identity Provider and then set your User Identity Provider to SAML.

You will fill out these Identity Provider configuration fields after you set up the new application integration in OneLogin.

1b. Take note of the Redirect URL (ACS) provided in the configuration field. You will need it for the steps in OneLogin below.

2. Add a New App in the OneLogin Admin Panel

2a. Log in to your OneLogin Admin Panel.

2b. Navigate to Applications > Add App. Search for and then select SAML Test Connector (Advanced) to add a SAML 2.0 app.

2c. Name the application Banyan TrustProvider and upload our logo.

2d. When asked for ACS (Consumer) URL use the Redirect URL you obtained in Step 1b. Also, set the ACS (Consumer) URL Validator to .*.

2e. Banyan requires your IDP’s returned SAML assertion to contain attributes that can be mapped to a user’s Email, Username, and Groups.

Set the Attribute Mappings as follows:

  • Email -> Email
  • Username -> {firstname} {lastname}
  • Groups -> User Roles

OneLogin does not transmit its Groups via SAML attributes. Instead, we suggest using the User Roles field to group users.

2f. In the Access section, assign the Banyan TrustProvider application to Everyone.

To assign the application to Everyone, complete the following steps:

  1. Navigate to Users > Roles
  2. Click on New Role
  3. Name the New Role, and select the green checkbox
  4. Select Apps to Add and click on Save
  5. Click on the newly created Role, and select Users
  6. Add all of the relevant Users under this Role
  7. Click on Save

To verify that everyone has been assigned to their respective application, complete the following steps:

  1. Navigate to Applications, and select the relevant application
  2. Click on Users, and then view all users assigned to this application

Ensure the Banyan TrustProvider SAML app you just created can be accessed by Everyone.

This will allow Banyan to federate authentication of all users in your organization to your SAML IDP.

Note: You still need to apply Policies in the Banyan Command Center to manage which users can access specific internal applications.

2g. Take note of your SSO URL and download the Certificate.

3. Save the OneLogin fields in the Banyan Control Center

3a. Return to the Identity Provider page in the Banyan Control Center (Settings > TrustProvider Settings > Identity Provider).

Ensure the User Identity Provider is set to SAML, and then enter the Banyan TrustProvider App parameters from OneLogin:

  • IDP SSO URL (from Step 2g)
  • Entity Issuer (Optional): If set, the entity issuer value will override SSO URL as the required audience.
  • IDP CA Certificate (from Step 2g)
  • Username Attribute: Set to “Username”
  • Email Attribute (from Step 2e)
  • Groups Attribute (from Step 2e)
  • Groups Delimiter: Set to “;”. This ensures OneLogin “User Roles” are correctly converted to Groups by Banyan.

3b. Click Update Identity Provider Config to save the settings.


That’s it! You have successfully integrated OneLogin to manage your directory of users in Banyan.
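
To check the attribute mapping from Step 2e and the Groups Delimiter from Step 3a against an assertion you have captured and decoded yourself, the following added example (not Banyan or OneLogin code) parses the AttributeStatement and reports missing attributes and the resulting group list. The sample assertion and the function names are constructed for illustration; the script only inspects attributes and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("Email", "Username", "Groups")  # attribute names from Step 2e
GROUPS_DELIMITER = ";"                      # Groups Delimiter from Step 3a

# Constructed sample: a decoded assertion reduced to its AttributeStatement.
# Assumption: User Roles arrive as one delimiter-joined value, as Step 3a implies.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Email">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Username">
      <saml:AttributeValue>Alice Example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>Engineering;VPN Users</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def read_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return attrs


def check_mapping(assertion_xml):
    """Report missing required attributes and the groups after delimiter split."""
    attrs = read_attributes(assertion_xml)
    first = lambda name: (attrs.get(name) or [None])[0]
    # An attribute that is present but empty (a user with no roles) counts as missing.
    missing = [name for name in REQUIRED if not attrs.get(name)]
    groups = [g.strip() for raw in attrs.get("Groups", [])
              for g in raw.split(GROUPS_DELIMITER) if g.strip()]
    return {"missing": missing, "email": first("Email"),
            "username": first("Username"), "groups": groups}


if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION))
```

A non-empty "missing" list points to an attribute mapping in Step 2e that needs correcting, or to a user who has no User Roles assigned.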



Last modified: Oct 07, 2021