> **Building with AI coding agents?** If you're using an AI coding agent, install the official Scalekit plugin. It gives your agent full awareness of the Scalekit API — reducing hallucinations and enabling faster, more accurate code generation. > > - **Claude Code**: `/plugin marketplace add scalekit-inc/claude-code-authstack` then `/plugin install @scalekit-auth-stack` > - **GitHub Copilot CLI**: `copilot plugin marketplace add scalekit-inc/github-copilot-authstack` then `copilot plugin install @scalekit-auth-stack` > - **Codex**: run the bash installer, restart, then open Plugin Directory and enable `` > - **Skills CLI** (Windsurf, Cline, 40+ agents): `npx skills add scalekit-inc/skills --list` then `--skill ` > > `` / ``: `agentkit`, `full-stack-auth`, `mcp-auth`, `modular-sso`, `modular-scim` — [Full setup guide](https://docs.scalekit.com/dev-kit/build-with-ai/) --- # OneLogin Directory Learn how to sync your OneLogin directory with your application for automated user provisioning and management using SCIM. This guide helps administrators sync their OneLogin directory with an application they want to onboard. Integrating your application with OneLogin automates user management tasks and keeps access rights up-to-date. Setting up the integration involves: 1. **Endpoint**: The URL where OneLogin sends requests to your application, enabling communication between them. 2. **Bearer Token**: A token OneLogin uses to authenticate its requests to the endpoint, ensuring security and authorization. By setting up these components, you enable seamless synchronization between your application and the OneLogin directory. 1. ## Create an endpoint and API token Open the SCIM configuration portal and select the **SCIM Provisioning** tab. Choose **OneLogin** as your Directory Provider and click on **Configure**. > Image: Setting up Directory Sync in the admin portal of an app being onboarded: OneLogin selected as the provider, awaiting configuration 2. ## Add a new application in OneLogin Open OneLogin's **Administration** portal. Click **Applications** from the top navigation panel. > Image: OneLogin Administration Applications Click **Add App** to add a new application. > Image: The OneLogin Applications page displays a list of apps with options to download JSON or add a new app. Search for **SCIM with SAML (SCIM v2 Enterprise)** and select it. > Image: OneLogin application search results for **SCIM Provisioner with SAML** displaying SCIM v2 Enterprise option. Give a suitable app name(e.g., **Hero SaaS App**) and then click **Save**. > Image: Configuring the portal settings for the application in OneLogin, including display name and icon options. Go to the **SCIM configuration portal** and copy the **Endpoint URL** and **Bearer Token** for the SCIM integration. > Image: OneLogin directory sync setup: Endpoint URL and one-time visible bearer token provided On OneLogin, go to the **Configuration** tab in the left navigation panel. Add the above copied values in the **SCIM Base URL** and **SCIM Bearer Token** fields. Then click the **Enable** button. > Image: Configure credentials in the OneLogin dashboard. Go to the **Provisioning** tab, enable provisioning, and click **Save**. > Image: Setting up provisioning workflow for SCIM Provisioner with SAML in OneLogin, including options for user creation, deletion, and suspension actions. 3. ## Provision users Go to **Users** and click on a user you want to provision. > Image: OneLogin Users dashboard displaying user information, including roles, last login time, and account status. > note > > You can create a new user for testing. Ensure users have a **username** property, which will be treated as a unique identifier in SCIM implementations. Using an email address as the username is also allowed. Go to the **Applications** tab from the left navigation bar, click **+**, and assign the recently created application. Click **Continue**. > Image: Assigning a new login to a user in OneLogin The user provisioning action will remain in pending state for the application. Click on **Pending**. > Image: Provision user to SCIM application. In the new modal, click on **Approve** to approve provisioning of the user in the application. > Image: OneLogin user provisioning dialog for creating Kitty Flake in Hero SaaS App, with options to approve or skip the action. The status should change to **Provisioned** within a few seconds. > Image: OneLogin user profile for Kitty Flake displaying assigned applications, with Hero SaaS App provisioned and admin-configured. 4. ## Configure group provisioning From the top navigation, click on **Users** and select **Roles** from the dropdown. > Image: Navigate to roles tab. Click on **New Role**. > Image: Create new role. Enter the **Role name**(this will be the name of the group). Select the recently created SCIM application and click Save. > Image: Add role name and assign it to SCIM application. Now select the created Role. Click the **Users** tab for the role. Search for any users you'd like to assign to that role, click on **Check** and then click on **Add To Role**. Click on **Save**. > Image: Add users to the new role. Navigate to **Applications** from the top bar and then click on the recently created application. > Image: Navigate to created SCIM application. Go to the **Parameters** tab from the left navigation and click on the **Groups** row. > Image: Navigate to parameters tab and then select groups row. Once the modal opens up, check **Include in User Provisioning** and then click on **Save**. > Image: Set user provisioning option. Navigate to **Rules** tab from left navigation and click on **Add Rule**. > Image: Create a new rule. Give a suitable name to the rule (e.g., Assign Group to SCIM app) and set the action to **Set Groups in Hero SaaS App** for each **role** with any value. Then click **Save**. > Image: Configuring a new mapping for group assignment in the Hero SaaS App using OneLogin. Navigate to **Users** tab from the left nav bar. You can see new users(belonging to the above created role) populated on the screen. For each of such user, click on **Pending**. > Image: Users from the recently created role are listed here. Once the modal opens up, click on **Approve**. The user belonging to the role will be provisioned to the application. > Image: Approve user provisioning to the application. 5. ## Group based role assignment Now on the **SCIM configuration portal**, configure appropriate group to role mapping to automatically assign roles to users in the application based on their group membership in OneLogin. Then click on **Save**. > Image: Assigning roles to user based on group membership. 6. ## Verify successful connection After completing these steps, verify that the users and groups are successfully synced by visiting **Users** and **Groups** tab in the **SCIM configuration portal**. > Image: Verificy SCIM integration. --- ## More Scalekit documentation | Resource | What it contains | When to use it | |----------|-----------------|----------------| | [/llms.txt](/llms.txt) | Structured index with routing hints per product area | Start here — find which documentation set covers your topic before loading full content | | [/llms-full.txt](/llms-full.txt) | Complete documentation for all Scalekit products in one file | Use when you need exhaustive context across multiple products or when the topic spans several areas | | [sitemap-0.xml](https://docs.scalekit.com/sitemap-0.xml) | Full URL list of every documentation page | Use to discover specific page URLs you can fetch for targeted, page-level answers |