OneLogin

Configure the SCIM Integration in OneLogin

1. In OneLogin, navigate to Applications Add App to create an app.
2. Search and select SCIM Provisioner with SAML (SCIM v2 Core).
3. Enter a Display Name value for your SCIM test app to help you recognize it.
4. Click Save.
5. Select the Configuration tab and enter the following:
   1. SCIM Base URL: https://api.pagerduty.com/scim/v2
   2. SCIM Bearer Token: token=<PagerDuty API KEY>
   3. SCIM JSON Template:

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "{$parameters.scimusername}",
  "displayName": "{$user.display_name}",
  "externalId": "{$parameters.externalId}", // Optional
  "active": "{$user.status}", // Optional
  "title": "{$parameters.title}", // Optional
  "roles": [{"type": "base", "value": "{$parameters.role}"}], // Optional
  "timezone": "{$parameters.timezone}", //Optional
  "entitlements": [{"type": "base", "value": "{$parameters.license}"}], // Optional
}

📘

Note

The "roles", "timezone", and "entitlements" mappings do not have basic mappings on the User object in OneLogin. You can achieve these mappings via custom User roles. The process is creating a custom user role for the mapping, then creating a parameter in the SCIM application that maps the custom User attribute to the parameter used in this schema: "role", "license", "timezone". See the PagerDuty role example below for more detail.

6. Click Save.

Configure Provisioning

1. In the Provisioning tab under Applications, select the Enable provisioning option for the SCIM Provisioner with SAML.
2. You can use Custom User Fields along with parameter mappings to set the PagerDuty role via role, the license via entitlements, and the time zone via timezone in the schema from the previous step.