Customers using SAML Single-Sign-On with OneLogin are now able to leverage TerraTrue’s SCIM functionality to centralize and automate the user life-cycle directly from their identity provider. TerraTrue’s SCIM implementation supports provisioning and de-provisioning of users, as well as activation and suspension. Contact us at email@example.com to learn more.
TerraTrue’s SCIM implementation does not currently support group mappings. Users added via SCIM will receive default permissions as granted to the “Everyone” special user. Please refer to the Identity and Access Management guide to learn more.
Before you proceed further in configuring this method of provisioning, check that the following are all true and reach out to firstname.lastname@example.org for any questions:
- You are using TerraTrue with Single-Sign-On on OneLogin. Provisioning may not work correctly when you are using password authentication or Google authentication for your TerraTrue instance.
- You are an administrator on TerraTrue in order to have the access to configure the provisioning settings.
- You have the appropriate access to manage the TerraTrue application on OneLogin.
- Get the SCIM API Key from TerraTrue.
- In TerraTrue, go to Organization Settings -> Authentication -> SCIM or directly from this link: https://launch.terratrue.com/settings/auth/scim
- Click on the toggle to enable SCIM as shown below.
- Click on ‘Copy API Key’ to copy the SCIM API Key.
2. Configure the TerraTrue application in OneLogin to enable provisioning.
- Configure the SCIM settings. Under the Configuration application tab in OneLogin, enter the SCIM API key from the Step 1 into the SCIM bearer token field then click on the Enable button for the API connection. The Configuration application tab should look like this:
- Enable Provisioning. Under the Provisioning application tab in OneLogin, check the “Enable provisioning” field as seen below. The remainder of the configuration on that tab is dependent on your own requirements for provisioning and approval thereof.
Troubleshooting and Tips
Reach out to email@example.com for any help ensuring that your provisioning is working correctly.
TerraTrue provides a revision history of all changes to a user’s account visible to any TerraTrue administrator at the link below. All user changes made as a result of SCIM provisioning will be shown with the Actor column being “Scim System User”: https://launch.terratrue.com/settings/history
Lastly, TerraTrue sets the user’s Display Name based on the first name and last name received during the first user sync. Subsequent changes to the user’s Display Name may be made by an administrator from within TerraTrue under the User Organization Settings: https://launch.terratrue.com/settings/users