System for Cross-domain Identity Management (a.k.a. SCIM) is a protocol for user management across multiple applications. It allows an IT or Operations team to easily provision (add), deprovision (deactivate), and update user data across multiple applications at once.
To set up SCIM provisioning in OneLogin you will need to have the involvement of both the monday.com admin and the manager of your OneLogin account.
SCIM capabilities supported in monday.com
- Provisioning of Users
- Deprovisioning of Users
- Provisioning of Teams
- Deprovisioning of Teams
- Team Renaming
- Updating User Details
- Assigning Users to Teams
- Unassigning Users from Teams
Configuration
Step 1 - Add monday.com to OneLogin
Go to your OneLogin Administration page and click Applications > Applications:
Then click Add App, and search for monday.com in the app store:
Give the app a Display Name and click Save on the right-hand side of the page.
Step 2 - Go to Configuration
Go to the "Configuration" tab and enter the following:
- Monday Domain Name: e.g. if your monday.com subdomain is https://teamdomain.monday.com, enter teamdomain
- SCIM Base URL: This should be taken from your monday.com account (see instructions below)
- SCIM Bearer Token: This should be taken from your monday.com account (see instructions below)
Go to monday.com Admin section to retrieve the provisioning token
- Open up your monday.com account
- Click on your avatar > Admin
- Go to the Security section
- Click on SCIM
Here you can generate and copy the provisioning URL and token, then paste them into OneLogin.
Click the Enable button and then click Save on the right-hand side of the page:
Step 3 - Go to Provisioning
Go to the Provisioning page and check the "Enable provisioning" checkbox.
If you want to require admin approval before a user is created, deleted or updated, check the corresponding checkboxes; otherwise, uncheck them:
Click Save on the right-hand side of the page.
Additional configurations are required on the monday.com application in order to allow team provisioning:
Step 4 - Go to Parameters
Go to the Parameters tab and click on Groups under the Monday Field:
Check the "Include in User Provisioning" checkbox and click Save on the bottom right of the page:
Step 5 - Go to Rules
Go to the Rules tab and click on the Add rule button. Give the rule a name and add an action by clicking the plus icon (+) under the Actions section:
- Select the "Set Groups in monday.com" action from the list
- Keep the "Map from OneLogin" selection
- Select "role" from the list it should apply to
- Set the pattern that the role should match (the example in the screenshot matches it to all roles)
- Click on the Save button
Set Up User Provisioning
Go to OneLogin's Users > Users tab:
Select a user from the list by clicking on its row.
On the user's page, click the Applications tab and then click on the plus icon on the right-hand side to assign the user to monday.com:
Select the monday.com application from the list and click Continue:
Click the Save button on the bottom right in the Edit user window:
User Attributes
These fields are supported for mapping user attributes:
- Name (can’t contain special characters)
- Email (must be lowercase)
- Active (whether or not a user is enabled or disabled)
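A pre-flight check for the attribute rules above, run over a directory export before users are assigned to the app. This is an added example, not monday.com's or OneLogin's code; the page does not define "special characters", so the allowed set, the record keys and the sample users are assumptions. It also flags addresses that collide once lowercased.

```python
import re
import unicodedata

# Assumption (not from the page): "special" = anything but letters, marks, space, - ' .
ALLOWED_PUNCT = set(" -'.")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def special_chars(name):
    """Characters in name that fall outside the allowed set."""
    return sorted({c for c in name if c not in ALLOWED_PUNCT
                   and unicodedata.category(c)[0] not in ("L", "M")})

def check_user(rec):
    """Problems for one record with name, email and active keys."""
    problems = []
    name = (rec.get("name") or "").strip()
    email = (rec.get("email") or "").strip()
    if not name:
        problems.append("name is empty")
    elif special_chars(name):
        problems.append("name has special characters: " + " ".join(special_chars(name)))
    if not EMAIL_RE.fullmatch(email):
        problems.append("email is not a valid address")
    elif email != email.lower():
        problems.append("email must be lowercase")
    if not isinstance(rec.get("active"), bool):
        problems.append("active must be true or false")
    return problems

def preflight(records):
    """Map each email to its problems, flagging case-insensitive duplicates."""
    report, seen = {}, {}
    for rec in records:
        email = (rec.get("email") or "").strip()
        problems = check_user(rec)
        key = email.lower()
        if key in seen:
            problems.append("duplicates " + seen[key] + " once lowercased")
        seen.setdefault(key, email)
        if problems:
            report[email] = problems
    return report

# Constructed sample records, not real users.
SAMPLE = [
    {"name": "Dana O'Neil", "email": "dana@example.com", "active": True},
    {"name": "Sam <Admin>", "email": "sam@example.com", "active": True},
    {"name": "Lee Wong", "email": "Lee.Wong@example.com", "active": False},
    {"name": "Lee W.", "email": "lee.wong@example.com", "active": "yes"},
]
```

Calling `preflight(SAMPLE)` returns a dict keyed by email that lists only the records needing a fix.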
Set-Up Team Provisioning
You can provision Roles from OneLogin to monday.com by assigning the monday.com application to the Role. Doing this will create a new Team in your monday.com account with all the users that are assigned to that role in OneLogin.
For privacy reasons, we recommend coordinating team provisioning with the monday.com admin, so that users neither lose access to their data nor gain access unintentionally.
1. Go to the roles page by clicking Users > Roles
2. Select the role you would like to be created in monday.com
3. On the Applications tab, select the monday.com app by clicking it:
Click Save on the right-hand side of the page.
4. To assign users to the role, go to the Users tab and search for a user in the "Check existing or add new users to this role" box. When the user is displayed, click on the Check button:
Click the Add to Role link on the user that was just checked:
Click Save on the right-hand side of the page.
Error Handling
The table below contains error codes and their possible reasons. Check out the third column for resolution suggestions:
FAQs
We've outlined a list of SCIM-related frequently asked questions for you. Click on this link here to check them out!
If you have any questions, please reach out to our team right here. We’re available 24/7 and happy to help.