Version: Config V1 (legacy)

(Beta) User Provisioning (SCIM) with Onelogin

info

Beta Feature: SCIM provisioning is in public beta. It has been thoroughly tested with various Identity Providers. We're now collecting feedback from real-world usage to fine-tune the experience. Share your feedback here.

Introduction

Each Identity Provider requires specific information to configure a SCIM integration. The following guide will walk you through how you can connect ConfigCat with OneLogin via SCIM.

1. Create an Application in OneLogin

Log in to OneLogin, select Applications and click on Add App.
Type SCIM V2 into the search bar, and select SCIM Provisioner with SAML (SCIM v2 Core).
Enter a descriptive Display Name, then click Save.

2. Configure Provisioning (SCIM) for the OneLogin Application

Gather the SCIM URL and the Token from the Authentication & Provisioning page in ConfigCat.
On the OneLogin application's Configuration tab's API Connection section configure the following:
- Add the SCIM URL from the ConfigCat Dashboard as the SCIM Base URL.
- Add the Token from the ConfigCat Dashboard as the SCIM Bearer Token.
- Add the following as the SCIM JSON Template:
```
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "{$parameters.scimusername}",
  "displayName": "{$user.display_name}"
}
```
On the OneLogin application's Provisioning tab configure the following:
- Check the Enable provisioning checkbox.
- Configure the other checkboxes and dropdowns based on your preference.
On the OneLogin application's Parameters tab configure the following:
- Set Email as the scimusername parameter.
- Check the Include in User Provisioning checkbox at the Groups parameter.
On the OneLogin application's Rules tab configure which property should OneLogin send as the user's groups to ConfigCat.
In the following example we are mapping the user's role in OneLogin as the synced group to ConfigCat, but you can create other mappings as well based on your preference. Read more about mappings here.
- Click on te Add rule button.
- Specify a Name for your rule.
- Select Set Groups in ##YOUR APPLICATION NAME## at the Actions.
- Select role at the For each dropdown.
- Set .* for the with value that matches input.

3. Assign users manually to the application or set access based on policies/roles on the OneLogin application's Access tab.

4. Start provisioning

On the OneLogin application's Configuration tab click on the Enable button to start the provisioning.
Wait until the first provisioning is finished, and you should see each synced group and user on ConfigCat's Authentication & Provisioning page.

5. Next Steps

Continue with assigning ConfigCat permissions to the synced groups.

Introduction​

1. Create an Application in OneLogin​

2. Configure Provisioning (SCIM) for the OneLogin Application​

3. Assign users manually to the application or set access based on policies/roles on the OneLogin application's Access tab.​

4. Start provisioning​

5. Next Steps​