SAML SSO OneLogin: User Provisioning
With SCIM protocol, admins can set up automatic user provisioning and deprovisioning for Wrike with OneLogin.
Set up Wrike with the System for Cross Identity Management (SCIM) standard to automatically provision or deprovision users based on their status in OneLogin.
Automatic provisioning: OneLogin users are automatically provisioned for Wrike.
Synced user attributes: User attributes are automatically updated in Wrike when they're updated in OneLogin.
Automatic deactivation: Wrike users are automatically deactivated in Wrike when they're deactivated in OneLogin.
This page is about integrating Wrike with OneLogin SCIM. We have a separate page on setting up SAML SSO integration with OneLogin.
Members added through SCIM are billable as soon as they're provisioned.
You must have permission to Configure advanced security settings in Wrike and be a OneLogin admin to set up Wrike with OneLogin SCIM. We recommend setting up SAML SSO integration to Wrike through OneLogin first.
Only users from approved domains will be automatically provisioned to Wrike.
Open your Wrike workspace.
Click your profile picture in the view’s upper right-hand corner.
Select Apps & Integrations.
Click Configure next to OneLogin and open the SCIM tab.
Scroll to the bottom of the pop-up and copy the SCIM URL. You’ll be using it in a few steps.
Close the OneLogin pop-up (but stay in Wrike) and move on to Step 3.
Click API from the left-hand side of the Apps & Integrations page.
Enter a name in the App name field (we suggest OneLogin SCIM).
Click Create new.
(Optional) Add an app description.
Scroll to the bottom of the page and click Create v4 Token.
Enter your password and click Obtain token.
Copy the token and save it somewhere. You’ll need to enter this information in OneLogin.
You’re only shown your token once, so make sure you save it before moving on to the next steps.
Sign in to your OneLogin domain at <yourorganization>.OneLogin.com.
Click Apps and select Company Apps.
Find and select Wrike.
Switch to the Configuration tab.
In the SCIM Base URL field, add the URL from Step 2.
In the SCIM Bearer Token field, add the token from Step 3.
Click Enable next to API status.
Select the Provisioning tab.
Select Enable provisioning for SCIM Provisioner with SAML (SCIM v2).
(Optional) Specify if approvals are required and what should happen if a user is deleted from OneLogin.
Ensure that the relevant user/groups are assigned to Wrike.
The following attributes are synced from OneLogin to Wrike:
Primary phone number
Wrike user type
Specifying the Wrike user type (Regular, External, and Collaborator) is a custom attribute. By default, Regular Users are created.
If certain user attributes (e.g., phone number, department, or secondary emails) are filled in Wrike but missing in OneLogin, the information stays in Wrike even after user provisioning.
If a user doesn't get provisioned or deprovisioned:
Check the System Log in the OneLogin administration portal to see if a SCIM provisioning attempt is listed there.
If there is no provisioning attempt listed, make sure that users are properly assigned to Wrike’s application in OneLogin.
If an error is listed, please contact our Support Team and provide error details.