Overview
This guide is intended to help IT Administrators setup SCIM provisioning for Reclaim.ai with OneLogin.
This is for creating a new "Custom App" while the Reclaim.ai SCIM App in the OneLogin Application Directory is under review.
If you need any additional assistance beyond this guide, please reach your to your Reclaim.ai contact/rep, or support via our website and/or [email protected].
Pre-Requirements
Setup on a Reclaim.ai Enterprise Plan (see: https://reclaim.ai/pricing)
Have your domain enabled/configured for SSO (Domain Capture) in Reclaim.ai
Administrator access to your OneLogin account.
For 1-2 - work with your Reclaim.ai contact/rep if you are unsure.
Create an API Key in Reclaim.ai
Login to Reclaim.ai (https://app.reclaim.ai/login)
In your URL bar enter: https://app.reclaim.ai/settings/developer
Generate a new API Key:
Enter a Name for the key, such as "OneLogin SCIM"
Set Expiration to "Never" (or whatever is appropriate for your security policy)
Click "Generate key"
Click the "Copy" icon to copy the key to your clipboard
Save the key some place secure for future use
Now you can continue on with the OneLogin portion of the setup.
Create a new Application in OneLogin for SCIM
This step will create a new custom application integration for SCIM for Reclaim.ai in OneLogin. This is in addition to the ODIC App you may have also created for SSO.
Reclaim has submitted an SCIM application to OneLogin for review; once that has been approved you may use that for simpler install. For now, follow the steps below to setup Reclaim.ai as a custom Application specifically for SCIM.
Login to OneLogin as an Admin
Click on "Administration" in the upper left which should open a new tab
From the Administration screen screen, click “Applications->Applications”:
From the “Applications” screen:
Click on the "Add App" button in the upper right
In the "search" box type in "SCIM"
Find the Application called "SCIM Provisioner with SAML (SCIM v2 Core)" and click on it:
On the "Add SCIM Provisioner with SAML (SCIM v2 Core)" page:
Click on the "Configuration" tab in the Left Nav; on this screen:
Under "Application details" leave both SAML URL fields blank (we are not using SAML)
Under "API Connection":
For "SCIM Base URL" enter: https://api.app.reclaim.ai/scim/v2
Leave "Custom Headers" blank
For "SCIM Bearer Token" enter the API Key you created in the earlier step
Leave the "SCIM JSON Template" as is
Click on the "Enable" button under "API Status"
You should see a brief pop-up and then the API Status change to "Enabled"
Click on the "Provisioning" tab in the Left Nav; on this screen:
Click on the "Save" button.
The setup for the Reclaim SCIM Application in OneLogin is now complete.
Provisioning Users via SCIM
To provision a user using the newly created Reclaim SCIM App:
Log into your OneLogin portal as an Admin
Click on "Administration" in the upper left
Click on the "Users" tab in the top
Select a User you would like to provision
Click on the "Applications" tab on the left
Click on the "+" to Add the SCIM application
Select the Reclaim.ai SCIM App you created in the previous step
Click "Continue"
On the Pop-up:
Check "Allow user to sign in"
Check "Hide this app in Portal"
Ensure "scimusername" and "NameID" is the user email address.
Click "Save"
You should see "Provisioned" with a green check box after a few moments; your user how now been provisioned on Reclaim.ai!
Provisioning Time
The time to provision users in Reclaim.ai should be almost immediate, but could depend on the number of users or size of group. It most cases, everything should be complete in a few minutes.