Skip to main content

OneLogin SCIM Setup Guide

Updated over 12 months ago

Overview

This guide is intended to help IT Administrators setup SCIM provisioning for Reclaim.ai with OneLogin.

If you need any additional assistance beyond this guide, please reach your to your Reclaim.ai contact/rep, or support via our website and/or [email protected].

Pre-Requirements

  1. Setup on a Reclaim.ai Enterprise Plan (see: https://reclaim.ai/pricing) or a Business Trial

  2. Have your domain enabled/configured for SSO in Reclaim.ai

  3. Have a "Auto Capture" enabled on your Reclaim Team (if you are unsure if this is the case, ask your contact/rep and/or [email protected]).

  4. Have a Google Service Account setup and enabled (see: https://help.reclaim.ai/en/articles/6520530-using-google-workspace-service-accounts-to-roll-out-reclaim-to-your-enterprise)

  5. Have an "Admin" Role on your Reclaim Team - You can check the Team Billing Page (https://app.reclaim.ai/billing) for your Team to verify this.

  6. Administrator access to your OneLogin account.

For 1-3: Work with your Reclaim.ai contact/rep if you are unsure.

Create an API Key in Reclaim.ai

  1. Login to Reclaim.ai (https://app.reclaim.ai/login)

  2. In your URL bar enter: https://app.reclaim.ai/settings/developer

  3. Generate a new API Key:

    1. Enter a Name for the key, such as "OneLogin SCIM"

    2. Set Expiration to "Never" (or whatever is appropriate for your security policy)

    3. Click "Generate key"

    4. Click the "Copy" icon to copy the key to your clipboard

    5. Save the key some place secure for future use

Now you can continue on with the OneLogin portion of the setup.

Install the Reclaim SCIM Application

This step will install the Reclaim SCIM Application from the OneLogin App Catalog. This is in addition to the ODIC App you may have installed for SSO (OneLogin requires 2 separate Apps).

  1. Login to OneLogin as an Admin

  2. Click on "Administration" in the upper left which should open a new tab

  3. From the Administration screen screen, click “Applications->Applications

  4. Click on the "Add App" button in the upper right:

  5. From the “Find Applications” screen:

    1. In the "search" box type in "Reclaim"

    2. Click on the "Reclaim AI (SCIM provisioning only)" App:

  6. On the "Reclaim AI (SCIM provisioning only)" page:

    1. For "Display Name" enter "Reclaim.ai SCIM" (or something similar of your choosing).

    2. Make sure the "Visible in portal" box check box is checked

    3. Enter a description needed for other IT Admins

    4. Click the “Save” button:

  7. Click on the "Configuration" tab in the Left Nav; on this screen:

    1. Under "Application details" leave both SAML URL fields blank (we are not using SAML)

    2. Under "API Connection":

      1. For "SCIM Base URL" enter: https://api.app.reclaim.ai/scim/v2

      2. Leave "Custom Headers" blank

      3. For "SCIM Bearer Token" enter the API Key you created in the earlier step

      4. Leave the "SCIM JSON Template" as is

      5. Click on the "Enable" button under "API Status"

      6. You should see a brief pop-up and then the API Status change to "Enabled"

  8. Click on the "Provisioning" tab in the Left Nav; on this screen:

    1. Check the "Enable provisioning" box

    2. Choose whether you want Admin approval for any of the actions per your organization controls

    3. Set "When users are deleted in OneLogin" to "Delete"

    4. Set "When user accounts are suspended in OneLogin" to "Do Nothing" (Reclaim does not support suspending, only delete.

  9. Click on the "Save" button.

The setup for the Reclaim SCIM Application in OneLogin is now complete.

Provisioning Users via SCIM

To provision a user using the newly created Reclaim SCIM App:

  1. Log into your OneLogin portal as an Admin

  2. Click on "Administration" in the upper left

  3. Click on the "Users" tab in the top

  4. Select a User you would like to provision

  5. Click on the "Applications" tab on the left

  6. Click on the "+" to Add the SCIM application

  7. Select the Reclaim.ai SCIM App you created in the previous step

  8. Click "Continue"

  9. On the Pop-up:

    1. Check "Allow user to sign in"

    2. Check "Hide this app in Portal"

    3. Ensure "scimusername" and "NameID" is the user email address.

    4. Click "Save"

You should see "Provisioned" with a green check box after a few moments; your user how now been provisioned on Reclaim.ai!

Provisioning Time

The time to provision users in Reclaim.ai should be almost immediate, but could depend on the number of users or size of group. It most cases, everything should be complete in a few minutes.

Related Articles
Using Google Workspace service accounts to roll out Reclaim to your enterprise
Okta SSO Setup Guide - App Catalog
Okta SCIM - Initial Setup Guide
Okta SCIM - Import/Sync Existing Users
Switching from Clockwise to Reclaim.ai
Did this answer your question?