What can we help you with?

SCIM Provisioning of Users and Teams with OneLogin


System for Cross-domain Identity Management (a.k.a. SCIM) is a protocol for user management across multiple applications. It allows an IT or Operations team to easily provision (add), deprovision (deactivate), and update user data across multiple applications at once. 

To set up SCIM provisioning in OneLogin you will need to have the involvement of both the monday.com admin and the manager of your OneLogin account. 


SCIM capabilities supported in monday.com

  • Provisioning of Users
  • Deprovisioning of Users
  • Provisioning of Teams
  • Deprovisioning of Teams
  • Team Renaming
  • Updating User Details
  • Assigning Users to Teams
  • Unassigning Users from Teams
Note: OneLogin does not support monday.com's User Type attributes, and therefore it is unable to provision the user's level of access (i.e. Member, Viewer, or Guest). SCIM will still work to provision and de-provision users, but it will not be able to control their user type. 



Step 1 - Add monday.com to OneLogin

Go to your OneLogin Administration page and click Applications > Applications:


Then click add App, and search for monday.com in the app store:


 Give the app a Display Name and click Save on the right-hand side of the page.


Step 2 - Go to Configuration

Go to the "Configuration" tab, enter the following:

  • Monday Domain Name:
    e.g. if your monday.com's subdomain is https://teamdomain.monday.com, enter teamdomain
  • SCIM Base URL:
    This should be taken from your monday.com account (see instructions below)
  • SCIM Bearer Token:
    This should be taken from your monday.com account (see instructions below)

Go to monday.com Admin section to retrieve the provisioning token

  • Open up your monday.com account
  • Click on your avatar > Admin
  • Go to the Security section
  • Click on SCIM


Here you can generate and copy the provisioning URL and token and then copy and paste into OneLogin.


Click the Enable button and then click Save on the right-hand side of the page:



Step 3 - Go to Provisioning

Go to the Provisioning page and check the "Enable provisioning" checkbox.

If you want to require admin approval before a user is created, deleted or updated - check the corresponding checkboxes, otherwise remove them:


 Click the Save on the right-hand side of the page.


Additional configurations are required on the monday.com application in order to allow team provisioning:

Step 4 - Go to Parameters

Go to the Parameters tab, click on the Groups under the Monday Field:


Check the "Include in User Provisioning" checkbox and click Save on the bottom right of the page:



Step 5 - Go to Rules

Go to the Rules tab and click on the Add rule button. Give the rule a name and add an action by clicking the plus icon (+) under the Actions section:

  • Select the "Set Groups in monday.com" action from the list
  • Keep "Map from OneLogin" selection
  • Select "role" from the list it should apply to
  • Set the pattern that the role should match to (the example in the screenshot matches it to all roles)
  • Click on the Save button




Set Up User Provisioning

Go to OneLogin's Users > Users tab:


Select a user from the list by clicking on its row.

On the user's page, click the Applications tab and then click on the plus icon on the right-hand side to assign the user to monday.com:



Select the monday.com application from the list and click Continue:



Click the Save button on the bottom right in the Edit user window:


Note: If you deprovision a user from the monday.com app, the user will exist in monday.com as an inactive user and will not be counted towards your monday.com user count.


User Attributes

These fields are supported for mapping user attributes:

  • Name (can’t contain special characters)
  • Email (must be lowercase)
  • Active (whether or not a user is enabled or disabled)
Note: The username should always be the user’s email address.


Set-Up Team Provisioning

You can provision Roles from OneLogin to monday.com by assigning monday.com application to the Role. Doing this will create a new Team in your monday.com account with all the users that are assigned to that role in OneLogin.


Important Note: If you assign a Role to monday.com app within OneLogin, and there is a monday.com team with the same name, then the OneLogin group will replace it.
For privacy measures, we recommend coordinating the team provisioning with the monday.com admin, in order to avoid users losing access to their data or users gaining access non-intendedly.


1. Go to the roles page by clicking Users > Roles



2. Select the role you would like to be created in monday.com

3. On the Applications tab, select the monday.com app by clicking it:


Click Save on the right-hand side of the page.

4. To assign users to the role, go to the Users tab and search for a user in the "Check existing or add new users to this role" box. When the user is displayed, click on the Check button:


Click the Add to Role link on the user that was just checked:

Group_2__18_.pngClick Save on the right-hand side of the page.

Note:  A team will be created in monday.com only when the role is assigned with users that have access to monday.com


Error Handling

Please find the below table that contains error codes and their possible reason. Check out the third column for resolution suggestions:

image 1 - 2023-08-23T151258.141.png



We've outlined a list of SCIM-related frequently asked questions for you. Click on this link here to check them out!




If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.