Configure OneLogin to manage your directory of users in Banyan

  • Updated on Jan 09, 2024

OneLogin is a leading cloud-based identity management system. Banyan integrates with your organization’s OneLogin account to authenticate enterprise users that need access to Banyan secured services.


In order to set up this integration, you need will need administrative access to OneLogin and the ability to add a new SAML App.


1. In the Banyan Command Center, configure your User Identity Provider

1.1 Navigate from Settings > Identity and Access tab > End User tab, and then set your User Identity Provider to SAML.

Fill out these Identity Provider configuration fields after you set up the new application integration in OneLogin.

1.2 Take note of the Redirect URL (ACS) provided in the configuration field. You will need it for the steps in OneLogin below.

2. Add a New App in the OneLogin Admin Panel

2.1 Log in to your OneLogin Admin Panel.

2.2 Navigate from Applications > Add App. Search for and then select SAML Test Connector (Advanced) to add a SAML 2.0 app.

2.3 Name the application Banyan TrustProvider and upload our logo.

2.4 When asked for ACS (Consumer) URL use the Redirect URL you obtained in Step 1b. Also, set the ACS (Consumer) URL Validator to .*.

2.5 Banyan requires your IDP’s returned SAML assertion to contain attributes can be mapped to a user’s Email, Username, and Groups.

Set the Attribute Mappings as follows:

  • Email -> Email
  • Username -> {firstname} {lastname}
  • Groups -> User Roles

OneLogin does not transmit its Groups via SAML attributes. Instead, we suggest using the User Roles field to group users.

2.6 In the Access section, assign the Banyan TrustProvider application to Everyone.

To assign the application to Everyone, complete the following steps:

  1. Navigate to Users > Roles
  2. Select New Role
  3. Name the New Role, and select the green checkbox
  4. Select Apps to Add and click on Save
  5. Select the newly created Role, and select Users
  6. Add all of the relevant Users under this Role
  7. Save
  • To verify that everyone has been assigned to their respective application, complete the following:
  1. Navigate to Applications, and select the relevant application
  2. Click on Users, and then view all users assigned to this application

Ensure the Banyan TrustProvider SAML app you just created can be accessed by Everyone.

This will allow Banyan to federate authentication of all users in your organization to your SAML IDP.

Note: You still need to apply Policies in the Banyan Command Center to manage which users can access specific internal applications.

2.7 Take note of your SSO URL and download the Certificate.

3. Save the OneLogin fields in the Banyan Command Center

3.1 Return to the Identity Provider page in the Banyan Control Center (Settings > Identity and Access tab > End User tab).

Ensure the User Identity Provider is set to SAML, and then enter the Banyan TrustProvider App parameters from OneLogin:

  • IDP SSO URL (from Step 2.7)
  • Entity Issuer (Optional) If set, the entity issuer value will override SSO URL as the required audience.
  • IDP CA Certificate(from Step 2.7)
  • Username Attribute: Set to “Username”
  • Email Attribute (from Step 2.5)
  • Groups Attribute (from Step 2.5)
  • Groups Delimiter: Set to “;”. This ensures OneLogin “User Roles” are correctly converted to Groups by Banyan.

3.2 Select Update Identity Provider Config to save the settings.

That’s it! You have successfully integrated OneLogin to manage your directory of users in Banyan.

Can’t find what you’re looking for?

We’re happy to help. Contact our team.