This article describes how to configure OneLogin to provision users with Civis Platform.
Prerequisites:
Configure SSO for Civis Platform
Enabling Civis Platform’s provisioning integration with OneLogin requires a SCIM-enabled platform API key to use as the “SCIM Bearer Token”. Contact your client success representative to obtain one. This key will belong to the designated user admin for Civis Platform.
- NOTE: If the designated user admin is deactivated from Civis Platform then SCIM provisioning features will no longer work. If this happens, please contact your client success representative to obtain a new key.
Automatic user creation is not supported, so users must first be created in Platform before they will be able to log in.
Currently the Civis Platform SCIM integration supports the following provisioning features:
- Suspend Existing User: In OneLogin, removing a user’s access to the application will also deactivate the user and revoke their API keys in the Civis Platform.
- Reactivate Existing User: In OneLogin, enabling a user’s access to the application will activate the user and their API keys in the Civis Platform.
Enabling provisioning in OneLogin
- Once your Civis Platform Client Success team has enabled SCIM and provided you with your SCIM Bearer Token, you may proceed to setting up SCIM in OneLogin.
-
Log into OneLogin as a Super user or Account Owner and go to Apps > Company Apps > Civis Platform.
-
On the Configuration tab, connect to the Civis Platform API.
-
Enter the Civis Platform Bearer Token that you received from the Civis Platform team in the previous task.
-
Click Enable.
If the connection is successful, the API Status icon switches to
.
-
-
On the Provisioning tab, enable provisioning and set your admin approval policy.
-
Select Enable provisioning for Civis Platform.
-
Select the provisioning actions that require admin approval.
If you select any of the available actions, an admin must go to Users > Provisioning and manually approve the action every time it occurs.
-
Select how users that are deleted in OneLogin are handled in Civis Platform.
Choose between Delete and Do Nothing.
-
-
On the Parameters tab, confirm the mapping of Civis Platform attributes to OneLogin attributes.
NameID (Subject) is included in the SAML assertion passed by OneLogin to Civis Platform and is not used for Provisioning.
The SCIM Username and all parameters labeled with (SCIM) are used for provisioning.
For all parameters, you should keep the default OneLogin values unless specified otherwise by the Civis Platform team.
-
Click Save.