Setting up SCIM with OneLogin
Written by Kim Giaoui
Updated over a week ago

If you use OneLogin as your identity provider, please follow this guide to set up the SCIM protocol for your Tomorro organization.

Note: only an admin can manage these settings on Tomorro.

If you're already using a Tomorro application for, say, a SAML connection, go straight to step 2.

Step 1 - Create an application on OneLogin

  • In your administrator area, go to the "Applications" section, then click on "Add App" at the top right of the page

  • Select the application type "SCIM provisioner with SAML (SCIM v2 Core w/SCIM2 Groups)" from the list

  • Enter the application name, for example "Tomorro", add a logo and icon, then save

Step 2 - Enable SCIM provisioning on your application

  • Open the "Configuration" options, then enter the information for your Tomorro SCIM integration module in the various fields

{
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "{$parameters.scimusername}",
  "userType": "{$user.title}",
  "name": {
    "givenName": "{$user.firstname}",
    "familyName": "{$user.lastname}"
  }
}

  • Then activate the API, and save using the button at top right

  • In the parameters, change the value of the "scimusername" field to "email", then save

  • Add a rule based on members' "active" status, remind them that the scimusername must be their email address, then save

  • In the "Provisioning" settings, enable provisioning, then, if you want provisioning to be automatic, disable administrator approvals before "create users", "delete users" or "update users"

Step 3 - Provision individual users

  • Go to the "Users" section, under "Users", from the top ribbon navigation

  • Select one of your users, then go to the "Applications" section, and click on the "+" icon on the right of the screen

  • Select the Tomorro application, then click on "Continue".

  • Simply click on "Save" on the next screen, without modifying anything

  • Your user is provisioned in Tomorro! ✨

Step 4 - Provision users from OneLogin roles

  • Go to "Roles", under "Users"

  • Click on "New Role" in the top right-hand corner, then give your role a name, select the Tomorro application, and save

  • You can now use this role to provision the Tomorro application directly

Step 5 - Choose the Tomorro role for your users from OneLogin

  • The OneLogin "Title" attribute is used to set the Tomorro role (admin, manager, contributor) according to the following mapping:

OneLogin attribute ➡️ Tomorro Role

admin ➡️ Admin

manager ➡️ Manager

user ➡️ Contributor

  • You can fill in this field to see the correct role assigned to the user in Tomorro. This field can be filled in individually on each user, or automatically according to the associated role

1. From users' profiles

  • Go to the profile of one of your users, then choose the value of "Title", and save

2. From roles

  • Go to the "Mappings" section under "Users", then create a new mapping using the button at the top right of the page

  • Here is an example of a mapping that will set the "Title" field to "admin" for all users with the Legal role

And that's it, the SCIM protocol is now enabled for Tomorro! 🚀
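
To preview what the step 2 template and the step 5 mapping produce for a given directory record before enabling automatic provisioning, here is an added example (not Tomorro or OneLogin code). It approximates the macro substitution locally; the sample records, the function names, the email pattern and the exact-match comparison of "Title" are assumptions.

```python
import json
import re

# Template from step 2; {$...} placeholders as shown on the page.
TEMPLATE = """{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "{$parameters.scimusername}",
  "userType": "{$user.title}",
  "name": {"givenName": "{$user.firstname}", "familyName": "{$user.lastname}"}
}"""
# Step 5 mapping: OneLogin "Title" value -> Tomorro role.
TITLE_TO_ROLE = {"admin": "Admin", "manager": "Manager", "user": "Contributor"}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose shape check only

def render(user):
    """Approximate the macro substitution, with scimusername set to the email (step 2)."""
    values = {"parameters.scimusername": user["email"], "user.title": user["title"],
              "user.firstname": user["firstname"], "user.lastname": user["lastname"]}
    # json.dumps(...)[1:-1] escapes quotes and backslashes so a value cannot break the JSON.
    fill = lambda m: json.dumps(values[m.group(1)])[1:-1]
    return json.loads(re.sub(r"\{\$([\w.]+)\}", fill, TEMPLATE))

def check(user):
    """Return (payload, tomorro_role, problems) for one directory record."""
    payload = render(user)
    problems = []
    if not EMAIL_RE.match(payload["userName"]):
        problems.append("userName is not an email address")
    # Assumption: Title is compared exactly as the page lists it (lowercase).
    role = TITLE_TO_ROLE.get(payload["userType"])
    if role is None:
        problems.append(f"Title {payload['userType']!r} is not in the step 5 mapping")
    return payload, role, problems

# Constructed sample records, not real directory data.
SAMPLE_USERS = [
    {"email": "a.martin@example.com", "title": "admin", "firstname": "Alice", "lastname": "Martin"},
    {"email": "b.durand", "title": "manager", "firstname": "Bruno", "lastname": "Durand"},
    {"email": "c.petit@example.com", "title": "Legal Counsel", "firstname": "Chloé", "lastname": "Petit"},
]

if __name__ == "__main__":
    for u in SAMPLE_USERS:
        payload, role, problems = check(u)
        print(payload["userName"], "->", role or "no role", "|", "; ".join(problems) or "ok")
```

Records that report a problem are worth fixing in OneLogin (email as scimusername, a "Title" from the mapping) before administrator approvals are disabled in step 2.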
