All articles

SAML SSO OneLogin: User Provisioning

Table 23. Availability - Legacy plans


Availability: Legacy Enterprise.; Unavailability: Legacy Free, Legacy Professional, Legacy Business.;


Availability: Enterprise Standard, Enterprise Pinnacle. ; Unavailability: Free, Professional, Team, Business Plus;

Overview

With SCIM protocol, admins can set up automatic user provisioning and deprovisioning for Wrike with OneLogin.

Set up Wrike with the System for Cross Identity Management (SCIM) standard to automatically provision or deprovision users based on their status in OneLogin.

  • Automatic provisioning: OneLogin users are automatically provisioned for Wrike.

  • Synced user attributes: User attributes are automatically updated in Wrike when they're updated in OneLogin.

    Note

    To successfully update user attributes of account admins, the account admin who issued the API token must have the right to grant/revoke admin rights enabled.

  • Automatic deactivation: Wrike users are automatically deactivated in Wrike when they're deactivated in OneLogin.

This page is about integrating Wrike with OneLogin SCIM. We have a separate page on setting up SAML SSO integration with OneLogin.

Note

Members added through SCIM are billable as soon as they're provisioned.

Set up Wrike with OneLogin SCIM

You must have permission to Configure advanced security settings in Wrike and be a OneLogin admin to set up Wrike with OneLogin SCIM. We recommend setting up SAML SSO integration to Wrike through OneLogin first.

Step 1: Add approved domains

Only users from approved domains will be automatically provisioned to Wrike.

Step 2: Find and note the SCIM URL

  1. Open your Wrike workspace.

  2. Click your profile picture in the view’s upper right-hand corner.

  3. Select Apps & Integrations.

  4. Click Configure next to OneLogin and open the SCIM tab.

  5. Scroll to the bottom of the pop-up and copy the SCIM URL. You’ll be using it in a few steps.

  6. Close the OneLogin pop-up (but stay in Wrike) and move on to Step 3.

Step 3: Obtain the OAUTH token

  1. Click API from the left-hand side of the Apps & Integrations page.

  2. Enter a name in the App name field (we suggest OneLogin SCIM).

  3. Click Create new.

  4. (Optional) Add an app description.

  5. Scroll to the bottom of the page and click Create Token.

  6. Enter your password and click Obtain token.

  7. Copy the token and save it somewhere. You’ll need to enter this information in OneLogin.

    Important

    You’re only shown your token once, so make sure you save it before moving on to the next steps.

  8. Click Save.

Step 4: Finalize the setup from OneLogin

  1. Sign in to your OneLogin domain at <yourorganization>.OneLogin.com.

  2. Click Administration.

  3. Click the Applications tab and select Applications from the menu.

  4. Find and select Wrike.

  5. Switch to the Configuration tab.

  6. Add information:

    • In the SCIM Base URL field, add the URL from Step 2.

    • In the SCIM Bearer Token field, add the token from Step 3.

  7. Click Enable next to API status.

  8. Select the Provisioning tab.

  9. Select Enable provisioning.

  10. (Optional) Specify if approvals are required and what should happen if a user is deleted from OneLogin.

  11. Click Save.

  12. Ensure that the relevant user/groups are assigned to Wrike.

Synced attributes

The following attributes are synced from OneLogin to Wrike:

  • Username

  • Given name

  • Family name

  • Primary email

  • Job title

  • Primary phone number

  • Organization name

  • Department

  • Wrike user type

Note

Wrike user type (Regular, External, Collaborator, Contributor and Viewer) is a custom attribute. By default, Regular Users are created.

Troubleshooting

Missing attributes

If certain user attributes (e.g., phone number, department, or secondary emails) are filled in Wrike but missing in OneLogin, the information stays in Wrike even after user provisioning.

User provisioning/deprovisioning

If a user doesn't get provisioned or deprovisioned:

  • Check the System Log in the OneLogin administration portal to see if a SCIM provisioning attempt is listed there.

    • If there is no provisioning attempt listed, ensure that users are properly assigned to Wrike’s application in OneLogin.

    • If an error is listed, please contact our Support Team and provide error details.

Top