If you use OneLogin as your identity provider, please follow this guide to set up the SCIM protocol for your Tomorro organization.
Note: only an admin can manage these settings on Tomorro.
If you're already using a Tomorro application for, say, a SAML connection, go straight to step 2.
Step 1 - Create an application on OneLogin
In your administrator area, go to the "Applications" section, then click on "Add App" at the top right of the page
Select an application type "SCIM provisioner with SAML (SCIM v2 Core w/SCIM2 Groups)" from the list
Enter the application name, for example "Tomorro", add a logo and icon, then save
Step 2 - Enable SCIM provisioning on your application
Open the "Configuration" options, then enter the information for your Tomorro SCIM integration module in the various fields
{
"schemas": [
"urn:ietf:params:scim:schemas:core:2.0:User"
],
"userName": "{$parameters.scimusername}",
"userType": "{$user.title}",
"name": {
"givenName": "{$user.firstname}",
"familyName": "{$user.lastname}"
}
}
Then activate the API, and save using the button at top right
In the parameters, change the value of the "scimusername" field to "email", then save
Add a rule based on members' "active" status, remind them that the scimusername must be their email address, then save
In the "Provisioning" settings, enable provisioning, then, if you want provisioning to be automatic, disable administrator approvals before "create users", "delete users" or "update users"
Step 3 - Provision individual users
Go to the "Users" section, under "Users", from the top ribbon navigation
Select one of your users, then go to the "Applications" section, and click on the "+" icon on the right of the screen
Select the Tomorro application, then click on "Continue".
Simply click on "Save" on the next screen, without modifying anything
Your user is provisioned in Tomorro! ✨
Step 4 - Provision users from OneLogin roles
Go to "Roles", under "Users"
Click on "New Role" in the top right-hand corner, then give your role a name, select the Tomorro application, and save
You can now use this role to provision the Tomorro application directly
Step 5 - Choose the Tomorro role for your users from OneLogin
L'attribut OneLogin "Title" est utilisé pour renseigner le rôle Tomorro (admin, manager, contributeur) selon le mapping suivant:
OneLogin attribute ➡️ Tomorro Role
admin ➡️ Admin
manager ➡️ Manager
user ➡️ Contributor
You can fill in this field to see the correct role assigned to the user in Tomorro. This field can be filled in individually on each user, or automatically according to the associated role
1. From user's profiles
Go to the profile of one of your users, then choose the value of "Title", and save
2. From roles
Go to the "Mappings" section under "Users", then create a new mapping using the button at the top right of the page
Here is an example of a mapping that will set the "Title" field to "admin" for all users with the Legal role
And that's it, the SCIM protocol is now enabled for Tomorro! 🚀