Subscription Required: SCIM is available on select subscription plans only. Contact Support to learn more: Send an email to Support
In This Article:
What is User Provisioning with SCIM?
SCIM is an open standard that automates user management from an IDP and a SaaS service provider, in this case, Loopio. With our SCIM implementation, you are able to automatically provision / create a Loopio user directly within the IDP.
- You currently use OKTA for your user management needs
- You have SAML SSO enabled with Loopio. If you are already using SSO, steps 1-4 of Configuring SCIM User Provisioning in Okta below may already be completed
- You have generated a SCIM token created through the Loopio Admin Integrations page. To learn more about generating SCIM tokens see our article: How Do I Generate a Token for SCIM User Deprovisioning?
Configuring SCIM User Provisioning in Okta
Tip: To request a Loopio Sandbox for testing, reach out to our Support Team. Send an email to Support
Permissions Required: General Admin 1 (Manager) permissions or higher are required to generate a SCIM token to use in Okta. To learn more about generating SCIM tokens start here: How Do I Generate a Token for SCIM User Deprovisioning?
- In Okta navigate to Applications > Applications and select Create App Integration
- Select SAML 2.0 as the sign-in method and click Next
- Fill in the details for your application on the General Settings page and click Next
- Navigate to the Configure SAML page, then under ‘SAML Settings’ fill in the section with the values from the table below:
Single sign-on URL https://UNIQUE_LOOPIO_DOMAIN/sso_saml/module.php/saml/sp/saml2-acs.php/loopio-sp SP Entity ID loopio-sp Default RelayState https://UNIQUE_LOOPIO_DOMAIN/home NameID Format Unspecified Application username Update application username on Create and update
- Fill out the Feedback section and click Finish
- After you have created your application, on your application’s details page navigate to General and check Enable SCIM provisioning then click Save
- On your application’s details page navigate to Provisioning > Integration and fill in the form with the values in the table below, then click Save
SCIM connector base URL https://api.loopio.com/scim/v2 Unique Identifier field for users userName Supported provisioning actions (checked options)
Import New Users and Profile Updates
Push New Users
Push Profile Updates
Authentication Mode HTTP Header Authorization Your unique Bearer Token
Note: The HTTP Header Bearer token will be the SCIM token created through the Loopio Admin Integrations page. To learn more about generating SCIM tokens see our article: How Do I Generate a Token for SCIM User Deprovisioning?
- On your application’s details page navigate to Provisioning > To App and enable Create Users
Tip: You can optionally enable Update User Attributes to synchronize updating a user’s attributes in Loopio when they are modified in Okta. You can also choose to use SCIM to manage User deprovisioning, read more: Setting Up SCIM 2.0 User Deprovisioning with Okta
- Click Save
Adding and Mapping the Roles Attribute
Note: This guide provides common steps for adding and mapping the Roles Attribute in Okta. While the defaults work in many situations, consult the Okta documentation for any company-specific details.
If you do not already have the roles attribute set up, you will need to configure that following the steps below, or by configuring a Group Attribute.
- Go to the Okta Profile Editor for the Loopio App you created
- Click on Add Attribute
Tip: Copy the "Variable Name" from your app's Profile Editor screen before clicking Add Attribute
- Add an attribute with the values in the table below
Data Type String Array Display Name roles Variable Name
Append _roles to the variable name you copied from your Loopio app
External Name roles External Namespace
Must be exactly
Group Priority Use Group Priority
- Return to the Loopio app you created and select Provisioning > To App
- Enable “Update User Attributes” in Provisioning Settings for the SCIM app if this has not been done already
- Scroll down and click Show Unmapped Attributes
- Click the edit (pencil) icon beside the roles Attribute, and map the Attribute by linking it to an existing Attribute or giving a value, then click Save
Note: Selecting "Same value for all users" will result in all users assigned to this application being given the same Role in Loopio. The Role Attribute value passed to Loopio should match an existing Role name in Loopio. Read more: How Do I Manage a Role's Permissions?