See scim Menu

Step 4. Test Your SCIM Implementation

Now that you have your SCIM test app configured and connected to your SCIM implementation, trigger user provisioning to test the flow. We recommend that you trigger user provisioning by adding a user to a role that has access to your SCIM test app.

Configure Provisioning for Your SCIM Test App

  1. Access the Provisioning tab for your SCIM test app. Ensure that the Enable provisioning for option is selected.

  2. Under Require admin approval before this action…, select the Create user, Delete user, and Update user options.

    We recommend that you test with these options selected because this will create a queue of provisioning requests that you can monitor and control individually as you test and troubleshoot. See Understanding OneLogin Provisioning Calls to Your SCIM API for more details.

    Alternatively, clear the Create user, Delete user, and Update user options if you want OneLogin to provision new users and user updates to your SCIM test app without requiring administrative approval.

  3. In the When users are deleted in OneLogin… drop-down, select the action you want to test: Delete, Suspend, or Do Nothing.

  4. Select SAVE.

Trigger Provisioning for Your SCIM Test App

  1. Access the Access tab for your SCIM test app. Make a note of a value in the Roles section as shown below. You will assign this role to a user to start the provisioning process.

  2. Go to USERS > All Users. Search for and select the user you want to provision to your SCIM test app.

  3. Select the Applications tab for the user.

  4. In the Roles menu, select the role name you identified in step 1.

  5. Select SAVE to start the provisioning process.

Review and Approve Provisioning Tasks for Your SCIM Test App

For any user provisioning actions for which you selected options in Configure Provisioning for Your SCIM Test App, you must review the provisioning task and approve it before actual provisioning can take place.

To review and approve provisioning tasks:

  1. Log in as an admin and go to USERS > Provisioning to view the provisioning tasks in a queue requiring your approval.

  2. Select a Tasks row and manually APPROVE or IGNORE each provisioning action, as appropriate.

  3. Monitor provisioning progress by accessing the Users tab for your SCIM test app.

  4. Select a row to access details of the provisioning state. For example, select failed to view a reason for the failure and to RETRY the provisioning task.

Understanding OneLogin Provisioning Calls to Your SCIM API

  1. Provisioning starts with OneLogin making a call to your Get User Resource by userName API for each user that has been given access to the app to determine if the user needs to be created or updated in your app.

  2. If the user exists, OneLogin makes a call to your Update User Resource by ID API to make any necessary modifications, such as licenses, roles, and entitlements.

    To confirm that the update was made to the user, your API response should include the updated user.

  3. If the user does not exist, OneLogin makes a call to your Create User Resource API to create the user with all appropriate attributes and entitlements.

    To confirm that the user was created, the API response should include the created user.

For more information about SCIM API implementation details, see Step. 2 Implement RESTful SCIM APIs for Your App.


Have a Question?

Found a problem or a bug? Submit a support ticket.

Looking for walkthroughs or how-to guides on OneLogin's user and admin features? Check out the documentation in our Knowledge Base.

Have a product idea or request? Share it with us in our Ideas Portal.