Versions Compared

Old Version 10

changes.mady.by.user Steinar Line

Saved on

compared with

New Version Current

changes.mady.by.user Mari Fuglem

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Follow the instructions below to set up the provisioning of users from OktaOneLogin. Read more in OktaOneLOgin's official SCIM documentation.

...

Configure SCIM in OneLogin

  1. Open the OneLogin admin portal.

    • Click the Applications menu tab, then select Applications

    • Click the Add app button in the top right corner

  2. Find and select the SCIM Provisioner with SAML (SCIM v2 Core) template

    • In the search box, enter SCIM Provisioner

    • Click the search result

      Image Modified

  3. Add a name for the app, then click Save

    Image Modified

  4. Configuration tab: Configure provisioning

    • Move to the Configuration tab. Make a note of the SAML configuration fields at the top. You will need these when configuring SAML SSO later. For now, we'll focus on provisioning.

    • Copy the SCIM tenant URL and application secret into OneLogin:

      • Copy the Base URL into the SCIM Base URL field

      • Copy the App secret into the SCIM Bearer Token field

    • Copy the below SCIM JSON template into OneLogin

      Code Block
      languagejson
      {
    "schemas": [
       "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
    ],
    "userName": "{$parameters.scimusername}",
    "name": {
        "givenName": "{$user.firstname}",
        "familyName": "{$user.lastname}",
        "formatted": "{$user.display_name}"
    },
    "emails": [{
        "value": "{$user.email}",
        "type": "work",
        "primary": true
    }]
}

    • Verify settings

      • Your OneLogin configuration tab should now look something like this. When done, click save, then enable

        Image Modified

  5. Enable provisioning

    • Go to the Provisioning tab and select Enable provisioning. Optionally deselect all admin approval requirements and change the user deletion action to delete instead of suspend, as shown in the below screenshot. Click Save

      Image Modified

  6. Configure group provisioning

    • Roles in OneLogin can be provisioned as Atlassian/SCIM groups using rules. You can skip this step if you only need to provision user accounts and intend to manage groups in the Atlassian application.

    • Add a role-to-groups rule.

      • Go to the Rules tab. Click Add Rule

        • Enter a name for the rule

        • Select Map from OneLogin (note, the option only becomes available once you enable provisioning)

        • Select role as the source and enter the pattern (.+) to provision every role assigned to the application as a group

      • Finally, click Save

        Image Modified

    • Enable group attribute provisioning

      • Go to the Parameters tab. Click on Groups in the parameter list, then select Include in user provisioning. Then click Save

        Image ModifiedImage Modified

  7. Assign users/roles to the application

    • Click the Access tab and assign roles to the application. This controls the set of users that will have access to the application and be provisioned.

Forcing resync in OneLogin

...