If you want to set up SCIM with Azure Active Directory, please see the guide: How to set up SCIM with Azure AD.
Steps
- Requirements: be able to create new company apps
- Inside OneLogin, go to Apps, select Company Apps from the dropdown, and then click Add App.
- On the Find Applications page, type SCIM in the search bar; you should then see multiple applications. Select SCIM Provisioner with SAML (SCIM v2) (this is because we are using SCIM 2.0).
- After setting up the app, you will be redirected to its main settings page. On the Configuration tab, enter the SCIM Base Url, the SCIM JSON Template and the Bearer Token obtained from Templafy.
  - SCIM Base Url = https://scim.templafy.com/scim
  - The SCIM JSON Template looks like this:
  IMPORTANT! Some fields below are marked in red. These are custom fields that may not exist, or may have a different name, in your OneLogin setup. Please change them to match your custom fields.
{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "userName": "{$user.email}",
  "externalId": "{$user.email}",
  "name": {
    "givenName": "{$user.firstname}",
    "familyName": "{$user.lastname}",
    "formatted": "{$user.display_name}"
  },
  "displayName": "{$user.display_name}",
  "addresses": [
    {
      "type": "work",
      "streetAddress": "{$user.custom_fields.streetAddress}",
      "locality": "{$user.custom_fields.locality}",
      "postalCode": "{$user.custom_fields.postalCode}",
      "city": "{$user.custom_fields.city}",
      "region": "{$user.custom_fields.region}"
    }
  ],
  "prefferedLanguage": "{$user.prefferedlanguage}",
  "title": "{$user.title}",
  "phoneNumbers": [
    {
      "value": "{$user.phone}",
      "type": "work"
    },
    {
      "value": "{$user.custom_fields.mobile}",
      "type": "mobile"
    },
    {
      "value": "{$user.custom_fields.fax}",
      "type": "fax"
    }
  ],
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "department": "{$user.department}",
    "organization": "{$user.custom_fields.organization}"
  }
}
- On the Provisioning tab, turn on Enable Provisioning for Create, Delete and Update User. Also set when user gets deleted to Delete. (This is technically optional, but if you want your users to be deprovisioned immediately, set it to Delete; if you want to have a window of 30 days from deletion until the user actually gets deprovisioned in Templafy, select Delete from the dropdown.) This is how the Provisioning settings should look:
- Finally, after making sure all the settings are correct, set API Status in the Configuration tab to Enabled and then click Save. The app should now start provisioning your Users and Groups to Templafy.
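The IMPORTANT note in the template step says the custom fields must match your OneLogin setup. The Python sketch below is an added example, not Templafy's or OneLogin's code: it parses an excerpt of the template above (which also confirms the text is valid JSON before you paste it) and lists the `custom_fields` macros that have no matching custom field. The function names and the `defined_custom_fields` set are assumptions; fill the set in from your own OneLogin account.

```python
import json
import re

# Constructed excerpt of the SCIM JSON Template from this page.
TEMPLATE = """
{
  "userName": "{$user.email}",
  "addresses": [{
    "type": "work",
    "streetAddress": "{$user.custom_fields.streetAddress}",
    "city": "{$user.custom_fields.city}"
  }],
  "phoneNumbers": [
    {"value": "{$user.phone}", "type": "work"},
    {"value": "{$user.custom_fields.mobile}", "type": "mobile"}
  ]
}
"""

# Matches macros as they are written in the template, e.g. {$user.email}.
MACRO = re.compile(r"\{\$user\.([A-Za-z0-9_.]+)\}")


def macros(node):
    """Yield every {$user...} macro path found in string values, recursively."""
    if isinstance(node, dict):
        for value in node.values():
            yield from macros(value)
    elif isinstance(node, list):
        for item in node:
            yield from macros(item)
    elif isinstance(node, str):
        yield from MACRO.findall(node)


def audit(template_text, defined_custom_fields):
    """Return (custom fields the template uses, those absent from the given set).

    json.loads raises ValueError if the template is not well-formed JSON.
    """
    paths = set(macros(json.loads(template_text)))
    used = sorted(p.split(".", 1)[1] for p in paths if p.startswith("custom_fields."))
    missing = [name for name in used if name not in defined_custom_fields]
    return used, missing


if __name__ == "__main__":
    # Hypothetical set of custom field names that exist in the OneLogin account.
    print(audit(TEMPLATE, {"streetAddress", "city"}))
```

Any name reported as missing needs either a matching custom field in OneLogin or a changed macro in the template before API Status is set to Enabled.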