Articles in this section

See more

Provisioning from OneLogin into Active Directory

if you have added users to OneLogin manually or imported them into OneLogin from another source, such as Workday, you can push those users and their attributes into Active Directory.

Note: Make sure that the Active Directory service account can write to any associated fields (such as display name or UPN)

  1. In OneLogin, go to Users > Mappings.

    You will create two mappings: one to enable OneLogin to push user attributes to Active Directory, and the other to disable user attribute pushes.

    Note. The examples we use here are the mappings you would use if you are provisioning users that you imported to OneLogin from Workday.

  2. Create the mapping to activate user attribute pushes.

    • Under Conditions, set (for example) Workday Status > equals > Active.

    • Under Actions, set your mappings using the page mappings shown below.

      • Set directory is the current directory.

      • Set role and Set display name are optional and can be configured depending on your Active Directory implementation.

  3. Click Save.

  4. Create the mapping for deactivating (terminating) user attribute pushes.

    1. Under Conditions, set (for example) Workday Status > equals > Terminated.

    2. Under Actions, set your mappings using the page mappings shown below.

      Set DistinguishedName is optional. Use it if you want to put the defined user in a Terminated group.

  5. Click Save.

  6. Go to Users > Directory and select the Active Directory currently connected to your account.

  7. Go the Advanced tab and enable Exporting Users and specify what happens when a user is deleted in Active Directory.

  8. Click Save to confirm your settings.

  9. Go to the Directory Attributes tab to confirm that the mappings are properly configured.

    Map the unicodePwd field to the Welcome Key field.

    Your page should resemble the example below:

  10. Click Save.

Now when a user is added or updated in OneLogin, whether manually or by import from another source, like Workday, these changes will be pushed from OneLogin into your Active Directory.

For information about the complete workflow for using OneLogin to import users and  user updates from Workday to Active Directory, see User Provisioning from Workday to Active Directory.