Configuring attribute mapping on OneLogin

Last Updated : Jun 10, 2026 |

About this task

To authenticate a user, OneLogin sends an authentication response to Keycloak containing various user attributes, such as the first name, last name, phone number, or email address. Keycloak then maps this user information to the attributes of the access token that is generated and sent back to clients.

You must configure the following attributes on OneLogin:

OneLogin attribute name

Attribute value

email

Email

firstName

First Name

lastName

Last Name

Group

No default

Procedure

  1. Log in to the OneLogin administration console as an administrator.
  2. Navigate to Application and then select your SAML 2.0 application.
  3. Navigate to the Parameters tab.
  4. Configure new attributes as follows:
    1. Click the Plus icon to create a new attribute.
    2. In Field Name, type the name from the OneLogin attribute name column of the table.
    3. Select the Include in SAML assertion check box.
    4. Click Save.
    5. In Edit Field, select the value specified for the parameter in the Attribute value column.
    6. Click Save.
    7. Repeat substeps a to f to add other attributes.
  5. Click Save.