Overview

Customers using SAML Single-Sign-On with OneLogin are now able to leverage TerraTrue’s SCIM functionality to centralize and automate the user life-cycle directly from their identity provider. TerraTrue’s SCIM implementation supports provisioning and de-provisioning of users, as well as activation and suspension. Contact us at hello@terratrue.com to learn more.

TerraTrue’s SCIM implementation does not currently support group mappings. Users added via SCIM will receive default permissions as granted to the “Everyone” special user. Please refer to the Identity and Access Management guide to learn more.

Prerequisites

Before you proceed further in configuring this method of provisioning, check that the following are all true and reach out to hello@terratrue.com for any questions:

  1. You are using TerraTrue with Single-Sign-On on OneLogin. Provisioning may not work correctly when you are using password authentication or Google authentication for your TerraTrue instance.
  2. You are an administrator on TerraTrue in order to have the access to configure the provisioning settings.
  3. You have the appropriate access to manage the TerraTrue application on OneLogin.

Configuration Steps

  1. Get the SCIM API Key from TerraTrue.

  • Click on ‘Copy API Key’ to copy the SCIM API Key.

2. Configure the TerraTrue application in OneLogin to enable provisioning.

  • Configure the SCIM settings. Under the Configuration application tab in OneLogin, enter the SCIM API key from the Step 1 into the SCIM bearer token field then click on the Enable button for the API connection. The Configuration application tab should look like this:

  • Enable Provisioning. Under the Provisioning application tab in OneLogin, check the “Enable provisioning” field as seen below. The remainder of the configuration on that tab is dependent on your own requirements for provisioning and approval thereof.

Troubleshooting and Tips

Reach out to hello@terratrue.com for any help ensuring that your provisioning is working correctly. 

TerraTrue provides a revision history of all changes to a user’s account visible to any TerraTrue administrator at the link below. All user changes made as a result of SCIM provisioning will be shown with the Actor column being “Scim System User”: https://launch.terratrue.com/settings/history

Lastly, TerraTrue sets the user’s Display Name based on the first name and last name received during the first user sync. Subsequent changes to the user’s Display Name may be made by an administrator from within TerraTrue under the User Organization Settings: https://launch.terratrue.com/settings/users