Joan uses the System for Cross-domain Identity Management (SCIM) to enable the automatic provisioning of users from OneLogin. When it is enabled, all user management is done only in OneLogin and is disabled on Joan's side.
1. Enable SCIM integration in MyJoan
Navigate to the user directory and click SCIM. When a new window opens, enable the integration and generate a new token. That token will be used to authenticate the connection between OneLogin and Joan.
2. Create a new application in your OneLogin account.
In the "Applications" subpage, search for "scim" and select "SCIM Provisioner with SAML (SCIM v2 Enterprise)". That is a generic SCIM integration application provided by OneLogin.
Enter the application display name (e.g. Joan Integration) and click Save. A new application will be created. In the next steps, we'll configure it to connect to your Joan account.
3. Configure Joan SCIM OneLogin application
Now that a new application is created, we need to configure it. Go to the "Configuration" subpage.
To connect the newly created application with Joan, use the following values:
SCIM Base URL: https://portal.getjoan.com/api/scim/v2
SCIM Bearer Token: copy it from the Joan SCIM configuration page.
SCIM JSON Template:
    {
      "schemas": [
        "urn:scim:schemas:core:2.0"
      ],
      "active": "{$user.status}",
      "userName": "{$user.email}",
      "name": {
        "givenName": "{$user.firstname}",
        "familyName": "{$user.lastname}"
      },
      "externalId": "{$user.external_id}",
      "userType": "{$user.custom_fields.userType}"
    }
All fields apart from "userType" are mandatory. The "userType" field is used to map roles from your OneLogin directory to Joan, which lets you manage roles and permissions in your Joan account automatically. If the "userType" field is not included or is empty, all created users will have the default "User" role assigned in your Joan account.
Currently supported Joan account roles:
- User
- Office Manager
Click Save.
Should you wish to configure automatic role sync from OneLogin, please continue to step 2a below. If not, please continue to step 3.
2a. [Optional] Configure userType custom field
Should you wish to automatically sync roles with Joan, follow the steps below to configure mappings from OneLogin.
a. Create a new Custom User Field
To create a custom user field called "userType", go to Users -> Custom User Fields and click on "New User Field".
When creating a new user field, please use the following values:
Name: userType
Shortname: userType
Click Save.
b. Add a new userType application parameter
Go to Applications and select the newly created Joan integration. In the left side menu, click "Parameters" and then the "+" sign to add a new one.
For the field name, type "userType" and make sure the "Include in SAML assertion" box is checked. Click Save.
Now that the new application parameter is set, we need to edit it and map it to the correct value. For "Value", select the previously created custom user field, "userType", and click Save.
c. Create mapping
Now that we have custom fields set, we need to properly map your OneLogin roles to Joan roles. Go to Users -> Mappings and create a new mapping.
Joan currently supports the following account roles:
- User
- Office Manager
Since all users from OneLogin will have the "User" role by default, we only need to define one mapping, the one for "Office Manager". Make sure that "Set userType" is selected in the "Actions" dropdown and that the mapping is set to "Office Manager". When done, click Save.
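Before enabling the integration, the template and role mapping above can be checked offline against a few directory records. The script below is an added example, not code from Joan or OneLogin: it fills the template's macros with a stand-in renderer, reports missing mandatory fields, and shows which role each record would receive. The render() and check() helpers, the flat record keys, the sample users and the exact-match rule for "userType" are all assumptions of this example.

```python
import json
import re

# SCIM JSON template from this page, with OneLogin's {$user...} macros.
TEMPLATE = """{
  "schemas": ["urn:scim:schemas:core:2.0"],
  "active": "{$user.status}",
  "userName": "{$user.email}",
  "name": {"givenName": "{$user.firstname}", "familyName": "{$user.lastname}"},
  "externalId": "{$user.external_id}",
  "userType": "{$user.custom_fields.userType}"
}"""
SUPPORTED_ROLES = {"User", "Office Manager"}  # roles listed on this page
DEFAULT_ROLE = "User"  # role given when userType is missing or empty
MANDATORY = ("active", "userName", "name.givenName", "name.familyName", "externalId")

def render(user):
    """Assumed stand-in for OneLogin's macro substitution; unset macros become ""."""
    def fill(match):
        return json.dumps(str(user.get(match.group(1), "")))[1:-1]  # JSON-escape
    return json.loads(re.sub(r"\{\$user\.([A-Za-z0-9_.]+)\}", fill, TEMPLATE))

def lookup(payload, dotted):
    for key in dotted.split("."):  # follow a path such as name.givenName
        payload = payload.get(key, "") if isinstance(payload, dict) else ""
    return payload

def check(user):
    """Return (effective_role, problems) for one directory record."""
    payload = render(user)
    problems = [f"missing mandatory field {f}" for f in MANDATORY if not lookup(payload, f)]
    user_type = payload["userType"]
    if not user_type:
        return DEFAULT_ROLE, problems
    if user_type in SUPPORTED_ROLES:
        return user_type, problems
    # Assumption: exact match only; the page does not say how Joan treats other values.
    return None, problems + [f"unsupported userType {user_type!r}"]

# Constructed sample records; keys are the macro names after "user.".
BASE = {"status": "1", "firstname": "Test", "lastname": "User"}
SAMPLE_USERS = [
    {**BASE, "email": "ana@example.com", "external_id": "1001"},
    {**BASE, "email": "bo@example.com", "external_id": "1002", "custom_fields.userType": "Office Manager"},
    {**BASE, "email": "cy@example.com", "external_id": "1003", "lastname": "", "custom_fields.userType": "office manager"},
]
if __name__ == "__main__":
    for record in SAMPLE_USERS:
        print(record["email"], "->", *check(record))
```

Records that come back with the "Office Manager" role are the ones worth reviewing by hand, since that role is granted purely from the OneLogin mapping.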
3. Enable integration
To enable the integration, go to Configuration -> API Connection and click Enable. API Status should change to green/Enabled.
After the API connection is established, we need to make sure that provisioning is enabled. Go to the "Provisioning" subpage and make sure that the following checkboxes and values are set:
That's it. You can now start adding users. They will automatically sync with your Joan account.
If you encounter any issues, please contact support@getjoan.com.