Overview
This guide is intended to help IT Administrators setup SCIM provisioning for Reclaim.ai with OneLogin.
If you need any additional assistance beyond this guide, please reach your to your Reclaim.ai contact/rep, or support via our website and/or [email protected].
Pre-Requirements
Setup on a Reclaim.ai Enterprise Plan (see: https://reclaim.ai/pricing)
Have your domain enabled/configured for SSO (Domain Capture) in Reclaim.ai
Have a Google Service Account setup and enabled (see: https://help.reclaim.ai/en/articles/6520530-using-google-workspace-service-accounts-to-roll-out-reclaim-to-your-enterprise)
Administrator access to your OneLogin account.
For 1-2 - work with your Reclaim.ai contact/rep if you are unsure.
Create an API Key in Reclaim.ai
Login to Reclaim.ai (https://app.reclaim.ai/login)
In your URL bar enter: https://app.reclaim.ai/settings/developer
Generate a new API Key:
Enter a Name for the key, such as "OneLogin SCIM"
Set Expiration to "Never" (or whatever is appropriate for your security policy)
Click "Generate key"
Click the "Copy" icon to copy the key to your clipboard
Save the key some place secure for future use
Now you can continue on with the OneLogin portion of the setup.
Install the Reclaim SCIM Application
This step will install the Reclaim SCIM Application from the OneLogin App Catalog. This is in addition to the ODIC App you may have installed for SSO (OneLogin requires 2 separate Apps).
Login to OneLogin as an Admin
Click on "Administration" in the upper left which should open a new tab
From the Administration screen screen, click “Applications->Applications”
Click on the "Add App" button in the upper right:
From the “Find Applications” screen:
In the "search" box type in "Reclaim"
Click on the "Reclaim AI (SCIM provisioning only)" App:
On the "Reclaim AI (SCIM provisioning only)" page:
For "Display Name" enter "Reclaim.ai SCIM" (or something similar of your choosing).
Make sure the "Visible in portal" box check box is checked
Enter a description needed for other IT Admins
Click the “Save” button:
Click on the "Configuration" tab in the Left Nav; on this screen:
Under "Application details" leave both SAML URL fields blank (we are not using SAML)
Under "API Connection":
For "SCIM Base URL" enter: https://api.app.reclaim.ai/scim/v2
Leave "Custom Headers" blank
For "SCIM Bearer Token" enter the API Key you created in the earlier step
Leave the "SCIM JSON Template" as is
Click on the "Enable" button under "API Status"
You should see a brief pop-up and then the API Status change to "Enabled"
Click on the "Provisioning" tab in the Left Nav; on this screen:
Check the "Enable provisioning" box
Choose whether you want Admin approval for any of the actions per your organization controls
Set "When users are deleted in OneLogin" to "Delete"
Set "When user accounts are suspended in OneLogin" to "Do Nothing" (Reclaim does not support suspending, only delete.
Click on the "Save" button.
The setup for the Reclaim SCIM Application in OneLogin is now complete.
Provisioning Users via SCIM
To provision a user using the newly created Reclaim SCIM App:
Log into your OneLogin portal as an Admin
Click on "Administration" in the upper left
Click on the "Users" tab in the top
Select a User you would like to provision
Click on the "Applications" tab on the left
Click on the "+" to Add the SCIM application
Select the Reclaim.ai SCIM App you created in the previous step
Click "Continue"
On the Pop-up:
Check "Allow user to sign in"
Check "Hide this app in Portal"
Ensure "scimusername" and "NameID" is the user email address.
Click "Save"
You should see "Provisioned" with a green check box after a few moments; your user how now been provisioned on Reclaim.ai!
Provisioning Time
The time to provision users in Reclaim.ai should be almost immediate, but could depend on the number of users or size of group. It most cases, everything should be complete in a few minutes.