myPolicies Help

OneLogin SCIM Employee Provisioning

5 minute read

Need More Answers?

General

Logging Into myPolicies
Acknowledging a Policy
Downloading My Policy Book

Admin

Traditional User Login Feature
Manage Accounts Using Bulk CSV File Upload
Review Frequency - Document Reviews
Tracking and Reporting
View Document Library
Create and Manage Your Policy Book

OneLogin SCIM Employee Provisioning

What is SCIM?

SCIM is an open standard for automating the exchange of identity information between systems, enabling advanced provisioning in order to automate the lifecycle of a user account within a software solution. SCIM can automate authorization settings and the creation, updating, and deactivation of user accounts.

If your organization is using the provisioning feature in OneLogin, myPolicies would like to help you set up push provisioning, enabling you to push account and authorization information from OneLogin to myPolicies via the SCIM standard.

In order for your organization to enable SCIM provisioning, please follow the step-by-step guide provided below.

  • Enable myPolicies SCIM Integration

    • Contact us at myPolicies because we need to enable this integration option for your myPolicies account.
      After you contact us, we will enable SCIM integration for your tenant instance of myPolicies and send you the information you need to complete this step-by-step guide.

  • Enable OneLogin SCIM Integration


    To configure SCIM provisioning, you will need to be an admin in OneLogin for your organization. Make sure you have admin privileges in OneLogin or are working with someone who has admin privileges before continuing.
    • Log into OneLogin.
    • Select Apps > Company Apps.
    • Add App.

    • Select your myPolicies Application from the list.
      Find myPolicies Application within OneLogin

    • Select Configuration.
      Find myPolicies Application within OneLogin

    • Enter Tenant Information.
    • Enter Application Details.

    • Your SCIM Base URL will be: https://{subdomain}.mypolicies.com/scim/v2 where subdomain is your specific subdomain for mypolicies

    • Enter SCIM Bearer Token.
      Find myPolicies Application within OneLogin

    • Enable API.
    • Select Save.

    • Select Provisioning Tab.
      Find myPolicies Application within OneLogin

    • Check Enable Provision for MyPolicies
      Find myPolicies Application within OneLogin.

    • Select Suspend for “When users are deleted in OneLogin, perform this action in myPolicies."

  • Configure SCIM Parameters in OneLogin


    Please configure your provisioning to include additional user attributes that you would like myPolicies to be aware of. For example, if you would like myPolicies to be able to assign document via a profile rule that uses "department" please ensure the department user attribute is mapped.

    1. 1. Select the Parameters Tab:
      1. a. You will be presented with a screen containing 19 Required Parameters.
      2. b. Many of these parameters are actually optional but myPolicies is set up recognize them.
      3. c. The required fields are:
        • i. External ID (SCIM)
        • ii. NameID
        • iii. SCIM Username
        • iv. Email
        • v. firstName
        • vi. lastName
    2. 2. To configure a parameter:
      1. a. Double-click on the parameter you wish to configure.
      2. b. Select the value you wish to map to the name parameter.

  • Provision Users in OneLogin


    When provisioning user for myPolicies, please ensure the email address associated with the user has been included among the allowed email domains for your myPolicies tenant. Users with email domains different from the allowed list in myPolicies will be rejected.
    1. Select all users from the Users drop-down menu.
    2. Double-click the user you wish to provision.
    3. Select the Applications Tab.
    4. Click the ‘+’.
    5. Then select your myPolicies App from the drop-down menu.

Important Notes:

Groups myPolicies does not currently support groups being sent from OneLogin. This is a future feature. Users When users are deactivated or deleted in OneLogin they are deactivated in myPolicies. Notes: When a myPolicies user with a draft assignment (author, sponsor, owner) and/or published ownership assignments is deactivated their assignments will be moved from the deactivated user to the policy manager. Additionaly, because of the way user name updates take place (i.e. the old user name is deactivated and the new user name is activated separately), draft assignments and published ownership assignments will be moved from the original user name to the policy manager and NOT to the new user name.

Appendix 1:

Mapping custom attributes

If you have an attribute that you would like myPolicies to be aware of please use the following instructions to map that attribute.

1. Go to the Profile Editor.
2. Select Add Attribute.

3. You can set the fields as you see fit.
a. For External Name this will be the name of sent to myPolicies in provisioning requests.
b. For External Namespace you will have to specify the following namespace otherwise myPolicies will ignore the customer attribute or reject the over provisioning request.
URN:IETF:PARAMS:SCIM:SCHEMAS:CORE:2.0:MYP:CUSTOM

4. Save the Attribute.
5. You can now map this attribute via Step 4.

Oli1

Still have questions?

Contact Us