SCIM: Set up OneLogin as Your Provisioning Source in Simpplr

Set up OneLogin as your provisioning source in Simpplr

1. In Simpplr, as the app manager, head to Manage > Application > Integrations > People data.

2. Select OneLogin > Provisioning.

3. Click Save. After clicking save, Simpplr provides you with OneLogin link and token. This token is only visible once. If the page is refreshed or exited, this token will not be displayed again. If a new token is required, uncheck the OneLogin provisioning box and select it again, then save. This will create a new token and invalidate the old one. Don't forget to change the token in this case in the older applications on OneLogin (OneLogin applications will be explained later).

4. Head back to your OneLogin instance as the admin user. You will need administrator access to complete the next steps.

5. In the top right corner, click Administration.

6. To create a new application:

   1. From the Main menu, select Applications, then choose Add App.
      

      

   2. Search for SCIM.

   3. Select SCIM Provisioner with SAML (SCIM v2 Enterprise) and click Save.
      

      

7. Configure the SCIM App:

   1. Select the Configuration tab.

   2. Let's suppose the base url of the tenant is https://ats-reg-testing.qa.simpplr.xyz/, then put simpplr.xyz in SAML Audience URL and put qa.simpplr.xyz in SAML Consumer URL.

8. In the SCIM Base URL, enter the OneLogin URL you got in step 3.
   

9. In SCIM JSON Template, copy and paste:
   {
   "schemas": [
   "urn:ietf:params:scim:schemas:core:2.0:User",
   "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
   ],
   "externalId": "{$user.id}",
   "userName": "{$parameters.scimusername}",
   "name": {
   "familyName": "{$user.lastname}",
   "givenName": "{$user.firstname}"
   },
   "emails": [
   {
   "value": "{$user.email}",
   "type": "work",
   "primary": true
   }
   ],
   "displayName": "{$user.display_name}",
   "locale": "{$user.locale_code}",
   "phoneNumbers": [
   {
   "value": "{$user.phone}"
   }
   ],
   "roles": "{$user.custom_fields.Roles}",
   "active": "{$user.status}"
   }

10. In SCIM Bearer Token, paste the token you got from Simpplr in step 3 above.

11. In the API Status select Enable.

12. Select Save.

13. Configure provisioning for the SCIM App:

    1. Select the Provisioning tab.

    2. Check Enable Provisioning.

    3. Under Require admin approval before this action, uncheck the Create, Delete, and Update checkboxes to have OneLogin provision new users and update users to the SCIM app without requiring administrative approval.

    4. Select Save.
       

       

14. Test user provisioning with your SCIM app.

    1. Select the Access tab.

    2. In the Roles section, ensure Default is checked.

    3. Select Save.
       

       

    4. From the main menu, select Users.

    5. Select the user to provision to the SCIM app.

    6. Select the Applications tab for the user.

    7. In the Roles section, select Default.

    8. Select Save User to start the provisioning process.
       

       

15. View provisioning status:

    1. From the main menu, select Users > Provisioning.

    2. Refresh the page to view the updates.

    3. Go to Applications and open the SCIM app.

    4. Select the Users tab to see provisioned users.

16. To disconnect OneLogin SCIM, follow these steps:

    1. Go to Simpplr. Click on Manage > Application > Integrations > People data.

    2. Uncheck OneLogin and the provisioning option.

    3. Click Save.

    4. Log in to OneLogin.

    5. Click Administration from the main menu and then click on Applications > App name.

    6. Select the Provisioning tab and uncheck the Enable provisioning in Workflow section.

    7. Click Save.