OneLogin

Configure the SCIM Integration in OneLogin

1. In OneLogin, navigate to Applications Add App to create an app.
2. Search and select SCIM Provisioner with SAML (SCIM v2 Core).
3. Enter a Display Name value for your SCIM test app that will help you recognize it.
4. Click Save.
5. Select the Configuration tab and enter the following:
   1. SCIM Base URL: https://api.pagerduty.com/scim/v2
   2. SCIM Bearer Token: token=<PagerDuty API KEY>
   3. SCIM JSON Template:

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "{$parameters.scimusername}",
  "displayName": "{$user.display_name}",
  "externalId": "{$parameters.externalId}", // Optional
  "active": "{$user.status}", // Optional
  "title": "{$parameters.title}", // Optional
  "roles": [{"type": "base", "value": "{$parameters.role}"}], // Optional
  "timezone": "{$parameters.timezone}", //Optional
  "entitlements": [{"type": "base", "value": "{$parameters.license}"}], // Optional
}

📘

Note

The "roles", "timezone" and "entitlements" mappings don't have basic mappings on the User object in OneLogin. You can achieve these mappings via custom User roles. You can find more explanation of this further down with the PagerDuty Role example. The process is creating a custom user role for the mapping, then creating a parameter in the SCIM application that maps the custom User attribute to the parameter used in this schema: "role", "license", "timezone".

6. Click Save.

Configure Provisioning

1. In the Provisioning tab under Applications, select the Enable provisioning option for the SCIM Provisioner with SAML.
2. You can use Custom User Fields along with parameter mappings to set the PagerDuty Role via role, the license via entitlements and the time zone via timezone in the schema in the previous step.