This topic describes how to import users from Namely to OneLogin using the Namely directory connector, essentially treating Namely as your user directory of record.
Note. Namely populates a user's work email address field with their personal email address after they are terminated. This means that an employee's personal email address will be passed to the OneLogin directory. To avoid this behavior in OneLogin, use the "Do not create disabled users" and "Do not update disabled users" options when you set up the integration. See below for more details.
To set up OneLogin's Namely directory connector:
Log into Namely as an administrator and get a permanent access token for the Namely API.
To learn more about how to generate a permanent access token, see Namely's API authentication documentation.
Security Note. The Namely administrator account that you use to generate the permanent access token should have permission to view only the users (and user attributes) that you want to import to OneLogin.
Log into OneLogin as an administrator and go to Users > Directories.
Click New Directory and select Namely.
Give the directory a name, and then select which directory you want to Authenticate users in.
You can choose to have OneLogin manage user authentication (in which case you manage and store encrypted passwords in OneLogin), or you can choose any third-party directory (like Active Directory, for example) that you have already integrated with OneLogin to store passwords and manage authentication. If you choose another integrated directory, you must also configure OneLogin to export new users to that directory. See the OneLogin documentation for your directory integration for more information.
Click Save to enable additional configuration fields and tabs.
To use this directory connector to import users from Namely to OneLogin, select Enabled under Importing Users (enabled by default).
(Optional) Set your import and synchronization settings for users who are disabled in Namely.
You can select any or all of the following options:
Sync user status: select to update a user's status in OneLogin when they're disabled in Namely.
If you select this option alone, the disabled OneLogin user will continue to be updated whenever the disabled Namely user is updated. If you want to prevent Namely's offboarding protocol from changing the user's email address (see note below) in OneLogin, you must also select Do not update disabled users.
Do not create disabled users: select to prevent disabled Namely users from being imported to OneLogin when you initially set up the integration.
Do not update disabled users: select to switch the OneLogin user status to disabled when users are disabled in Namely, while preventing any other attributes from being updated in the OneLogin user record.
This prevents OneLogin from changing the user's email address when Namely performs its offboarding protocol (see note, below).
Note. Namely's offboarding protocol populates the employee's work email address field with their personal email address. To prevent OneLogin and third-party directories (like Active Directory) from replacing a terminated user's work email with their personal email, you can use the Do not create disabled users and Do not update disabled users options.
Enter the API settings required to connect to Namely.
The Subdomain is the yourcompany part of
The API token is the permanent access token that you generated for Namely API access in step 1.
Click Save to connect to the API.
Wait a few seconds for the authentication to finish. After a successful authentication, you'll see a green banner across the top of the page that declares success. If authentication fails, a red banner will let you know.
On the Directory Attributes tab, map the Namely fields that you want to import to OneLogin.
Select the Namely field from the dropdown in the Directory Field column for each required field. The connector automatically pulls in all Namely fields available for mapping.
Click the + plus button at the top right to add rows, where you can map additional Namely fields to OneLogin fields. For any new mappings, you must create a OneLogin custom user field to hold the value you want to sync with the Namely field. All custom fields will be available for selection from the dropdown in the OneLogin Field column in rows that you add.
Namely Teams and Groups: OneLogin imports a user's Namely team and group memberships as semicolon-delimited lists. If you create a custom field in OneLogin for Namely teams and a custom field for Namely groups and map the Namely fields to those custom fields on this tab, you can then use Namely team and group membership to create mappings that assign OneLogin attributes, like Roles. You can also use rules to provision app attributes based on Namely team or group membership; for apps that support Group creation, you can even use rules to create a Group in an app (like Google G Suite, for example) based on a user's Namely team or group membership. For more information, see Mappings and Rules.
Note: Departments (groups), Access Role, and Manager are currently unavailable for import due to known issues with Namely's APIs. Please contact Namely to check the status of this issue.
Click Save.
Click the More Actions menu and select Synchronize Users (Force) to initiate the user import.
The directory connector also synchronizes users automatically every six hours.
Go to the Events tab to view when the user import has finished.
- Refresh Schema pulls any available fields from Namely and propagates them to OneLogin. If any fields were changed in Namely, use Refresh Schema to export them to OneLogin.
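A post-sync check for the personal-email behavior described in the notes above, as an added example that is not part of the OneLogin documentation: it scans a user export for disabled accounts whose email address falls outside the work domain. The CSV column names, the sample rows, and the `CORPORATE_DOMAINS` value are constructed assumptions, not a OneLogin export format.

```python
import csv
import io

# Constructed sample export; column names and values are assumptions for
# illustration, not a OneLogin export format.
SAMPLE_EXPORT = """\
username,email,status
a.rivera,a.rivera@example.com,active
b.chen,b.chen@mail.example.com,disabled
c.okafor,c.okafor.home@personal.example.net,disabled
d.silva,D.Silva@EXAMPLE.COM,disabled
e.novak,not-an-email,disabled
f.haddad,f.haddad@contractor.example.org,active
"""

CORPORATE_DOMAINS = {"example.com"}  # assumption: your work email domain(s)


def email_domain(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return domain.lower().rstrip(".")


def is_corporate(domain, allowed=CORPORATE_DOMAINS):
    """True for an allowed domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def audit_disabled_users(export_text, allowed=CORPORATE_DOMAINS):
    """Return (username, email, reason) for disabled users whose email is
    malformed or outside the corporate domains."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["status"].strip().lower() != "disabled":
            continue  # only terminated/disabled accounts are in scope
        domain = email_domain(row["email"])
        if domain is None:
            findings.append((row["username"], row["email"], "malformed email"))
        elif not is_corporate(domain, allowed):
            findings.append((row["username"], row["email"], "non-corporate domain"))
    return findings


if __name__ == "__main__":
    for username, email, reason in audit_disabled_users(SAMPLE_EXPORT):
        print(f"{username}: {email} ({reason})")
```

A finding for a disabled user suggests the record was updated after offboarding, which is the case the Do not update disabled users option is meant to prevent.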