This article describes how to configure OneLogin to provision users to Syncplicity.
- Configure SSO for Syncplicity
Get your Syncplicity Application Token.
- Log into your Syncplicity admin dashboard.
- Go to Account > Account.
Under the Profile section, select Create.
You will use the Application Token to confirm the API connection between OneLogin and Syncplicity.
- Log into OneLogin as an admin and go to Apps > Company Apps > Syncplicity (or whatever your app name is).
On the Configuration tab, enter the information required to connect to the Syncplicity API.
In the Custom Domain field, enter your custom Syncplicity domain, if you have one.
Enter the domain name alone, excluding .syncplicity.com. For example, if your custom Syncplicity domain is acmecompany.syncplicity.com, enter only acmecompany.
- In the Access Token field, enter the Application Token that you created in Syncplicity.
A green status indicates a successful connection.
On the Provisioning tab, enable provisioning, set your admin approval policy, and import Syncplicity Groups and Roles.
- Select Enable provisioning for Syncplicity.
Select the provisioning actions that require admin approval.
If you select any of the available actions, an admin must go to Users > Provisioning and manually approve the action every time it occurs.
Select how users that are deleted in OneLogin are handled in Syncplicity.
Choose between Delete, Suspend, or Do Nothing.
Under Entitlements, click Refresh to import Syncplicity Groups and Role values so that they are available to map to OneLogin values on the Parameters and Rules tabs.
- Click Save.
On the Parameters tab, map Syncplicity user attributes to OneLogin attributes.
First Name, Last Name, and User ID are included in SAML assertions, and you should retain the default mapping. You can provision Syncplicity group membership and roles by doing the following:
Groups: click the Groups row to display the Edit Field Groups dialog, and select the Include in User Provisioning option.
All groups defined for your account in Syncplicity are available for selection. Select the groups you want to make available for provisioning. You will use the Rules tab in the next step to create rules that determine Syncplicity group membership when you provision users.
Roles: click the Roles row to display the Edit Field Roles dialog, and select the Include in User Provisioning option.
All roles defined for your Syncplicity account are available for selection. Select the role that should be the default when you provision users (usually User). You will use the Rules tab in the next step to create rules that override the default role assignment, assigning other Syncplicity roles (usually Support Administrator and Global Administrator) to particular users.
On the Rules tab, map users to Syncplicity Groups and Roles.
Select New Rule to display the New Mapping dialog.
This example shows users in the Active Directory security group (OU) "Support" mapped to the Syncplicity Role of Support Administrator.
Conditions = MemberOf > contains > Support and Actions = Set Roles in Syncplicity > SupportAdmin means "If provisioning encounters a user who is a member of the AD security group (OU) 'Support,' assign that user to the Syncplicity Role of Support Administrator."
- Click Show Affected Users to confirm that the mapping will provision the correct users.
- Click Save.
Go to the More Actions menu and click Reapply provisioning mappings to apply the new rule.
Important! You must reapply mappings any time you create or update rules!
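Because the example rule grants an administrator role, it is worth checking which group values a contains condition would match before you reapply mappings. The following is an added example, not OneLogin or Syncplicity code: it assumes that contains is a case-insensitive substring match on each MemberOf value, and it runs over constructed users and group DNs to separate members of the group named exactly Support from users who match only by substring.

```python
# Added example: constructed data, not OneLogin or Syncplicity code.
import re

RULE_VALUE = "Support"   # condition value from the rule on this page
ROLE = "SupportAdmin"    # role the rule assigns

# Constructed sample directory export: user -> MemberOf values (AD group DNs).
USERS = {
    "alice": ["CN=Support,OU=Groups,DC=example,DC=com"],
    "bob": ["CN=Support-Contractors,OU=Groups,DC=example,DC=com"],
    "carol": ["CN=Sales,OU=Groups,DC=example,DC=com"],
    "dave": ["CN=Sales,OU=Support,DC=example,DC=com"],
    "erin": ["CN=IT Support Readonly,OU=Groups,DC=example,DC=com"],
}

def group_cn(dn):
    """Return the leading CN of a distinguished name, or None if absent."""
    m = re.match(r"CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    return m.group(1) if m else None

def contains_match(member_of, value):
    """Assumed rule semantics: substring match anywhere in any MemberOf value."""
    return any(value.lower() in dn.lower() for dn in member_of)

def exact_group_match(member_of, value):
    """Stricter intent: user belongs to the group whose CN is exactly `value`."""
    return any((group_cn(dn) or "").lower() == value.lower() for dn in member_of)

def audit(users, value):
    """Split users the rule would match into intended matches and over-matches."""
    intended, over = [], []
    for name, member_of in sorted(users.items()):
        if contains_match(member_of, value):
            bucket = intended if exact_group_match(member_of, value) else over
            bucket.append(name)
    return intended, over

if __name__ == "__main__":
    intended, over = audit(USERS, RULE_VALUE)
    print(f"{ROLE} intended for: {intended}")
    print(f"{ROLE} also granted by substring match: {over}")
```

Any user in the second list should be reviewed in Show Affected Users before the rule is saved, and the condition value narrowed if the match is unintended.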
To confirm that provisioning from OneLogin to Syncplicity is working, add a user to OneLogin, assign the user to your Syncplicity app, and go to Users > Provisioning to approve the provisioning event, if necessary. When the user is marked as Provisioned, go to Syncplicity and confirm that the new user has been added with the correct entitlements.