SCIM, or System for Cross-domain Identity Management, is an open standard that allows for the automation of user provisioning. It makes it easy to add, update or remove users across different applications simultaneously. The solution is built using the SCIM 2.0 specification.
In order to set up user provisioning with OneLogin, it has to be configured both in Scoro and OneLogin.
Note! Read more about OneLogin and SCIM.
1. Set up SCIM in Scoro
- SCIM settings can be found under Settings → Integrations → SCIM
- Admin users can set the default values for new users created via SCIM:
- Default entity (only available in case of multiple entities)- Default user type- Email notification with account data - In order to enable the SCIM API, you must generate an OAuth bearer token
- After SCIM is enabled, the API credentials allow you to set up SCIM from OneLogin side.
2. Set up OneLogin App integration
- In order to use OneLogin User Provisioning, you first need to configure Single Sign-On in the app. Check the manual for connecting Scoro and SSO.
- There is one difference between using only SSO or SCIM + SSO: search for “SCIM Provisioner with SAML (SCIM v2 Core)“ instead of “SAML Custom Connector (Advanced)“ when creating a new app from Administration > Applications > Add App.
- The overall set-up is the same, but there are extra options for Provisioning.
- Once the SSO integration has been created, SCIM provisioning can be configured.
3. Add OneLogin SCIM Provisioning
- After your app is created and SSO is configured, open the Configuration tab.
- Add the SCIM credentials under the API Connection:
- SCIM connector base URL can be found under Scoro SCIM settings.
- Bearer token can be found under Scoro SCIM settings.
- JSON template has core User attributes as default, but in the example JSON below you can see the full schema supported by Scoro.
- You can define your own schema and mapping or just use the one that we provide:
- Click Enable.
- Save the settings.
An example JSON
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "{$parameters.scimusername}",
"name": {
"givenName": "{$user.firstname}",
"familyName": "{$user.lastname}"
},
"emails": [
{
"value": "{$user.email}",
"primary": true,
"type": "work"
}
],
"phoneNumbers": [
{
"value": "{$user.phone}",
"primary": true,
"type": "work"
}
],
"title":"{$user.title}"
}
4. Configure provisioning options
- Open Provisioning and choose what workflow and actions can be performed.
- Since there is no “hard delete” for users in Scoro, we recommend using the Suspend option for deleted users. This makes the users inactive instead of trying to delete it.
- Save the changes.
- User provisioning between Scoro and OneLogin is now configured.