Scalekit Docs

OneLogin Directory

Learn how to sync your OneLogin directory with your application for automated user provisioning and management using SCIM.

This guide helps administrators sync their OneLogin directory with an application they want to onboard. Integrating your application with OneLogin automates user management tasks and keeps access rights up to date.

Setting up the integration involves:

  1. Endpoint: The URL where OneLogin sends requests to your application, enabling communication between them.
  2. Bearer Token: A token OneLogin uses to authenticate its requests to the endpoint, ensuring security and authorization.

By setting up these components, you enable seamless synchronization between your application and the OneLogin directory.
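To make the role of the bearer token concrete, here is an added example (not code from this guide or from the product it describes) of how a SCIM receiving endpoint can check the `Authorization` header on a request from OneLogin. The function names, token value, and sample request are constructed for illustration; the receiver is assumed to store only a SHA-256 digest of the token.

```python
import hashlib
import hmac


def token_digest(token: str) -> str:
    """SHA-256 hex digest of a token; the receiver stores this, not the token."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def authenticate_scim_request(headers: dict, stored_digest: str) -> bool:
    """Return True only if the request carries the expected bearer token."""
    # HTTP header names are case-insensitive, so match on the lowered name.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), "")
    scheme, _, presented = auth.partition(" ")
    presented = presented.strip()
    if scheme.lower() != "bearer" or not presented:
        return False  # missing header, wrong scheme, or empty token
    # Constant-time comparison: timing does not reveal how much of the value matched.
    return hmac.compare_digest(token_digest(presented), stored_digest)


# Constructed sample values (not real credentials).
SAMPLE_TOKEN = "example-token-not-real"
STORED_DIGEST = token_digest(SAMPLE_TOKEN)

# Constructed example of a SCIM 2.0 user-creation request sent to the endpoint.
SAMPLE_REQUEST = {
    "method": "POST",
    "path": "/Users",
    "headers": {
        "Authorization": f"Bearer {SAMPLE_TOKEN}",
        "Content-Type": "application/scim+json",
    },
    "body": {
        "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
        "userName": "sample.user@example.com",
        "active": True,
    },
}

if __name__ == "__main__":
    print(authenticate_scim_request(SAMPLE_REQUEST["headers"], STORED_DIGEST))
```

Anyone holding the token can create, change, or deactivate users through the endpoint, so treat it like any other provisioning credential.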

  1. Open the SCIM configuration portal and select the SCIM Provisioning tab. Choose OneLogin as your Directory Provider and click Configure.

  2. Open OneLogin’s Administration portal. Click Applications in the top navigation panel.

    Click Add App to add a new application.

    Search for SCIM with SAML (SCIM v2 Enterprise) and select it.

    Give the app a suitable name (e.g., Hero SaaS App) and then click Save.

    Go to the SCIM configuration portal and copy the Endpoint URL and Bearer Token for the SCIM integration. The bearer token is visible only once, so copy it when it is displayed.

    On OneLogin, go to the Configuration tab in the left navigation panel. Paste the copied values into the SCIM Base URL and SCIM Bearer Token fields. Then click the Enable button.

    Go to the Provisioning tab, enable provisioning, and click Save.

  3. Go to Users and click the user you want to provision.

    Go to the Applications tab in the left navigation bar, click +, and assign the recently created application. Click Continue.

    The user provisioning action will remain in a pending state for the application. Click Pending.

    In the new modal, click Approve to approve provisioning of the user in the application.

    The status should change to Provisioned within a few seconds.

  4. From the top navigation, click Users and select Roles from the dropdown.

    Click New Role.

    Enter the Role name (this will be the name of the group). Select the recently created SCIM application and click Save.

    Now select the created Role. Click the Users tab for the role. Search for any users you’d like to assign to that role, click Check and then click Add To Role. Click Save.

    Navigate to Applications from the top bar and then click the recently created application.

    Go to the Parameters tab in the left navigation and click the Groups row.

    Once the modal opens, check Include in User Provisioning and then click Save.

    Navigate to the Rules tab in the left navigation and click Add Rule.

    Give the rule a suitable name (e.g., Assign Group to SCIM app) and set the action to Set Groups in Hero SaaS App for each role with any value. Then click Save.

    Navigate to the Users tab in the left navigation bar. New users (belonging to the role created above) are listed on the screen. For each such user, click Pending.

    Once the modal opens, click Approve. The user belonging to the role will be provisioned to the application.

  5. In the SCIM configuration portal, configure the appropriate group-to-role mapping to automatically assign roles to users in the application based on their group membership in OneLogin. Then click Save.

  6. After completing these steps, verify that the users and groups are successfully synced by visiting the Users and Groups tab in the SCIM configuration portal.
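The group-to-role mapping from step 5 can be audited after the sync in step 6. The following is an added example, not the portal's own logic: it assumes groups arrive as SCIM 2.0 Group resources (RFC 7643 shape) whose `displayName` is the OneLogin role name, and that a group with no mapping grants no role. All group names, user IDs, and role names are constructed.

```python
def resolve_roles(groups, group_to_role):
    """Return (roles per user id, synced groups without a mapping,
    mapping entries that match no synced group)."""
    roles_by_user = {}
    unmapped = []
    seen = set()
    for group in groups:
        name = group["displayName"]
        seen.add(name)
        role = group_to_role.get(name)  # exact match: case and spacing matter
        if role is None:
            unmapped.append(name)
        for member in group.get("members", []):
            granted = roles_by_user.setdefault(member["value"], set())
            if role is not None:
                granted.add(role)  # unmapped groups add nothing (least privilege)
    stale = sorted(set(group_to_role) - seen)
    return roles_by_user, sorted(unmapped), stale


GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"

# Constructed sample of synced groups (hypothetical names and user ids).
SYNCED_GROUPS = [
    {"schemas": [GROUP_SCHEMA], "displayName": "Engineering",
     "members": [{"value": "u-1001"}, {"value": "u-1002"}]},
    {"schemas": [GROUP_SCHEMA], "displayName": "Contractors",
     "members": [{"value": "u-1003"}]},
]

# Constructed mapping; "engineering-admins" does not match any synced group.
GROUP_TO_ROLE = {"Engineering": "member", "engineering-admins": "admin"}

if __name__ == "__main__":
    roles, unmapped, stale = resolve_roles(SYNCED_GROUPS, GROUP_TO_ROLE)
    print("roles:", roles)
    print("groups with no mapping:", unmapped)
    print("mappings with no synced group:", stale)
```

Groups with no mapping and mapping entries that match no synced group usually point to a renamed OneLogin role or a typo in the mapping, and are worth reviewing before relying on the assigned roles.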