All Collections
Account and Team Administration
SSO and SCIM Support
OneLogin SCIM 2.0 Setup Guide - Custom Application
OneLogin SCIM 2.0 Setup Guide - Custom Application
Stevan Arychuk avatar
Written by Stevan Arychuk
Updated over a week ago


This guide is intended to help IT Administrators setup SCIM provisioning for with OneLogin.

This is for creating a new "Custom App" while the SCIM App in the OneLogin Application Directory is under review.

If you need any additional assistance beyond this guide, please reach your to your contact/rep, or support via our website and/or [email protected].


  1. Setup on a Enterprise Plan (see:

  2. Have your domain enabled/configured for SSO (Domain Capture) in

  3. Administrator access to your OneLogin account.

For 1-2 - work with your contact/rep if you are unsure.

Create an API Key in

  1. Login to (

  2. Generate a new API Key:

    1. Enter a Name for the key, such as "OneLogin SCIM"

    2. Set Expiration to "Never" (or whatever is appropriate for your security policy)

    3. Click "Generate key"

    4. Click the "Copy" icon to copy the key to your clipboard

    5. Save the key some place secure for future use

Now you can continue on with the OneLogin portion of the setup.

Create a new Application in OneLogin for SCIM

This step will create a new custom application integration for SCIM for in OneLogin. This is in addition to the ODIC App you may have also created for SSO.

Reclaim has submitted an SCIM application to OneLogin for review; once that has been approved you may use that for simpler install. For now, follow the steps below to setup as a custom Application specifically for SCIM.

  1. Login to OneLogin as an Admin

  2. Click on "Administration" in the upper left which should open a new tab

  3. From the Administration screen screen, click “Applications->Applications”:

  4. From the “Applications” screen:

    1. Click on the "Add App" button in the upper right

    2. In the "search" box type in "SCIM"

    3. Find the Application called "SCIM Provisioner with SAML (SCIM v2 Core)" and click on it:

  5. On the "Add SCIM Provisioner with SAML (SCIM v2 Core)" page:

    1. For "Display Name" enter " SCIM" (or something similar of your choosing).

    2. Make sure the "Visible in portal" box check box is checked

    3. You may upload an Icon if you wish

    4. Click the “Save” button:

  6. Click on the "Configuration" tab in the Left Nav; on this screen:

    1. Under "Application details" leave both SAML URL fields blank (we are not using SAML)

    2. Under "API Connection":

      1. For "SCIM Base URL" enter:

      2. Leave "Custom Headers" blank

      3. For "SCIM Bearer Token" enter the API Key you created in the earlier step

      4. Leave the "SCIM JSON Template" as is

      5. Click on the "Enable" button under "API Status"

      6. You should see a brief pop-up and then the API Status change to "Enabled"

  7. Click on the "Provisioning" tab in the Left Nav; on this screen:

    1. Check the "Enable provisioning" box

    2. Choose whether you want Admin approval for any of the actions per your organization controls

    3. Set "When users are deleted in OneLogin" to "Delete"

    4. Set "When user accounts are suspended in OneLogin" to "Do Nothing" (Reclaim does not support suspending, only delete.

  8. Click on the "Save" button.

The setup for the Reclaim SCIM Application in OneLogin is now complete.

Provisioning Users via SCIM

To provision a user using the newly created Reclaim SCIM App:

  1. Log into your OneLogin portal as an Admin

  2. Click on "Administration" in the upper left

  3. Click on the "Users" tab in the top

  4. Select a User you would like to provision

  5. Click on the "Applications" tab on the left

  6. Click on the "+" to Add the SCIM application

  7. Select the SCIM App you created in the previous step

  8. Click "Continue"

  9. On the Pop-up:

    1. Check "Allow user to sign in"

    2. Check "Hide this app in Portal"

    3. Ensure "scimusername" and "NameID" is the user email address.

    4. Click "Save"

You should see "Provisioned" with a green check box after a few moments; your user how now been provisioned on!

Provisioning Time

The time to provision users in should be almost immediate, but could depend on the number of users or size of group. It most cases, everything should be complete in a few minutes.

Did this answer your question?