
OneLogin SCIM v2.0

The following guide will walk you through the process of configuring SAML Jackson to use the OneLogin SCIM v2.0 directory provider.


Create OneLogin Application

Click Applications in the top navigation menu, then click the Add App button.

OneLogin SCIM Step 1

Search for SCIM from the search box and choose the app called SCIM Provisioner with SAML (SCIM V2 Enterprise) from the list of apps.

OneLogin SCIM Step 2

Give the app a name and click the Save button.

OneLogin SCIM Step 3

At this stage, you've successfully created the OneLogin SCIM app.


Enable OneLogin SCIM Provisioning

In your application, click the Configuration tab on the left.

Enter the following information:

  • SCIM Base URL
  • SCIM Bearer Token

You'll receive this information from Jackson when you create the directory sync connection, either via the API or the Admin Portal.

Click the Enable button to test the connection and confirm the credentials are correct, then click the Save button to save the credentials.

OneLogin SCIM Step 4

Next click the Provisioning tab and check the Enable provisioning checkbox. Click the Save button to save the changes.

OneLogin SCIM Step 5

Next click the Parameters tab and select the row Groups from the table.

OneLogin SCIM Step 6

In the popup window, check the box Include in User Provisioning and click the Save button.

OneLogin SCIM Step 7


Assign Users

In order to assign users to your app, select Users from the top navigation menu and choose the user you want to assign to the app.

From the user page, click the Application tab on the left and click the plus sign.

OneLogin SCIM Step 8

A popup window will show you the list of apps that you can assign the user to. Select the app you created earlier and click the Continue button.

OneLogin SCIM Step 9

Click Save on the next modal window to confirm the assignment.

OneLogin SCIM Step 10

Depending on your configuration, you may have to approve the assignment.

If you see the text Pending in the table, click it. This brings up a modal window; click the Approve button to approve the assignment.

OneLogin SCIM Step 11

At this point, the user will be assigned to the app.


Push Groups

In order to push groups to your app, you have to create a new Role in your app.

In the top navigation, select Users and then Roles from the dropdown.

Click New Role to create a new role.

OneLogin SCIM Step 12

Enter a name for the role, select the app you created earlier and click the Save button.

OneLogin SCIM Step 13

Click the Users tab for the role and search for the user you want to assign the role to.

Click the button Add To Role to assign the user to the role and click the Save button.

OneLogin SCIM Step 14

Click Save in the next modal to confirm the assignment.

OneLogin SCIM Step 15

Go back to your app and click the Rule tab on the left and click the Add Rule button.

Give the rule a name. Under Actions, select Set Groups in your-app-name from the dropdown, then select for each role with values that match your-app-name. Click the Save button.

OneLogin SCIM Step 16

Click the Users tab on the left. You may see Pending provisions in the table; click that text to approve the assignment.

OneLogin SCIM Step 17

Click Approve in the next modal to confirm the assignment.

OneLogin SCIM Step 18

FAQ

Why don't I see any event when a group is removed in OneLogin?

It is a known issue with OneLogin SCIM. OneLogin does not dispatch a specific deprovisioning event for groups that are deleted, so you won't see any event such as group.deleted or group.user_removed when a group is removed. It is recommended to remove the users from the group before deleting the group itself from the SCIM application.
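
Because no group.deleted or group.user_removed event arrives when a group is deleted in OneLogin, an application that derives access from group membership can keep grants for a group that no longer exists. The following is an added example, not Jackson's own code: it tracks membership from events and reconciles it against the groups the directory still reports. The payload fields (groupId, userId), the group.user_added event and the source of the live group list are assumptions made for illustration.

```javascript
// Added example. Payload fields (groupId, userId) are simplified assumptions,
// not Jackson's exact webhook schema.
function createGroupStore() {
  const members = new Map(); // groupId -> Set of userIds

  function apply({ event, data }) {
    if (event === "group.user_added") {
      if (!members.has(data.groupId)) members.set(data.groupId, new Set());
      members.get(data.groupId).add(data.userId);
    } else if (event === "group.user_removed") {
      members.get(data.groupId)?.delete(data.userId);
    } else if (event === "group.deleted") {
      // Not dispatched by OneLogin; kept for providers that do send it.
      members.delete(data.groupId);
    }
  }

  // liveGroupIds: group ids the directory still reports (hypothetical input,
  // e.g. from a scheduled listing). Returns memberships whose group is gone.
  function findStale(liveGroupIds) {
    const live = new Set(liveGroupIds);
    const stale = [];
    for (const [groupId, users] of members) {
      if (live.has(groupId)) continue;
      for (const userId of users) stale.push({ groupId, userId });
    }
    return stale;
  }

  // Drop the stale groups locally so access derived from them ends.
  function revoke(stale) {
    for (const { groupId } of stale) members.delete(groupId);
    return stale.length;
  }

  const isMember = (groupId, userId) => members.get(groupId)?.has(userId) ?? false;
  return { apply, findStale, revoke, isMember };
}

// Constructed events: "ops" is later deleted in OneLogin with u2 still in it.
function demo() {
  const store = createGroupStore();
  store.apply({ event: "group.user_added", data: { groupId: "eng", userId: "u1" } });
  store.apply({ event: "group.user_added", data: { groupId: "ops", userId: "u2" } });
  const stale = store.findStale(["eng"]); // "ops" no longer listed
  store.revoke(stale);
  return { stale, u2StillInOps: store.isMember("ops", "u2") };
}
```

If users are removed from the group before it is deleted, as recommended above, the group.user_removed events empty the set and findStale returns nothing for that group.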