Please follow the steps below to set up SCIM (System for Cross-domain Identity Management) to provision users in Wisq. Once connected, user provisioning will be automatically managed based on assignments in OneLogin. If you have any questions about these steps, please contact your Wisq Agent Strategist for assistance.
Prerequisites
Before you begin, ensure you have:
- Admin access to your OneLogin tenant.
You will be provided the following via Proton mail from Wisq:
- SCIM Base URL
- SCIM Bearer Token
Step-by-Step Setup
1. Add the SCIM Provisioner Application in OneLogin
- Log in to your OneLogin Admin Console
- Navigate to Applications → Applications
- Click Add App
- Search for SCIM Provisioner with SAML and select it
- Enter a Display Name such as Wisq SCIM Provisioning
- Click Save
2. Configure SCIM Connection
- Click on the Configuration tab
- In the SCIM Base URL field, enter the URL provided by Wisq via Proton
- In the SCIM Bearer Token field, enter the token provided by Wisq via Proton
- Under API Connection, click Enable. If successful, the API Status will display as Enabled
- Click Save
3. Enable Provisioning
- Click on the Provisioning tab
- Check Enable provisioning
- Under Require admin approval before this action is performed, select Create user, Delete user, and Update user
- For When users are deleted in OneLogin, select Delete
- For When user accounts are suspended in OneLogin, select Suspend
- Click Save
4. Define Attribute Mappings
OneLogin will auto-map common fields. Here are typical attributes we expect to ingest via SCIM.
| Attribute | OneLogin Field |
| First Name | First Name |
| Last Name | Last Name |
| Email (Primary) | |
| Job Title | Title |
| Department | Department |
To verify or add attribute mappings, navigate to the Parameters tab in your SCIM application. For each attribute, ensure Include in User Provisioning is checked. If any of the attributes above are not automatically present, click the + icon to add them.
If any of these don’t automatically appear, or you have any questions, please let us know!
5. Assign Users
- Start by selecting 1 or 2 users to test with.
- To provision users:
- Navigate to Users → Users in the OneLogin top menu
- Select the user you want to provision
- Click the Applications tab on their profile
- Click the + icon, select your Wisq SCIM Provisioning app, and click Continue
- Click Save
- If you enabled admin approval in Step 3, navigate to Users tab within the SCIM application and approve any pending provisioning actions
Alternatively, you can assign users via Roles:
- Navigate to Users → Roles
- Create or select a role, then add the Wisq SCIM Provisioning app to that role
- Assign users to the role to provision them automatically
- After test users are provisioned and Wisq has confirmed that all attributes are being received properly, more users can be provisioned. Ensure you discuss with your project lead who should get access to Wisq and when users should gain access.