Configuring a OneLogin SAML v2.0 identity provider on Keycloak

Last Updated : Jun 10, 2026 |

About this task

To use OneLogin SSO capabilities and authenticate users, you must configure a SAML v2.0 identity provider on Keycloak.

Before you begin

  • Configure a SAML application on OneLogin.

  • Obtain a configuration file in XML format.

Procedure

  1. Log in to the Keycloak web administration interface.
  2. Navigate to Solution Realm > Identity Providers.
  3. Click Add provider and then select SAML v2.0.
  4. In Alias, type the name that you used when configuring a SAML application on OneLogin.

    For example, OneLoginSAML. For more information, see step 8.

  5. In Display name, type a name of your choice.
  6. Navigate to the Import External IDP Config section.
  7. Click Select file, navigate to the OneLogin configuration metadata XML file that is stored on your computer, and then click Import.

    Keycloak imports the configuration data and populates the Single Sign-On Service URL field.

  8. From NameID Policy Format, select Email.
  9. Click Save.