SAML SSO OneLogin: User Provisioning
Availability: Legacy Enterprise.; Unavailability: Legacy Free, Legacy Professional, Legacy Business.; |
Availability: Enterprise Standard, Enterprise Pinnacle. ; Unavailability: Free, Professional, Team, Business Plus; |
With SCIM protocol, admins can set up automatic user provisioning and deprovisioning for Wrike with OneLogin.
Set up Wrike with the System for Cross Identity Management (SCIM) standard to automatically provision or deprovision users based on their status in OneLogin.
-
Automatic provisioning: OneLogin users are automatically provisioned for Wrike.
-
Synced user attributes: User attributes are automatically updated in Wrike when they're updated in OneLogin.
Note
To successfully update user attributes of account admins, the account admin who issued the API token must have the right to grant/revoke admin rights enabled.
-
Automatic deactivation: Wrike users are automatically deactivated in Wrike when they're deactivated in OneLogin.
This page is about integrating Wrike with OneLogin SCIM. We have a separate page on setting up SAML SSO integration with OneLogin.
Note
Members added through SCIM are billable as soon as they're provisioned.
You must have permission to Configure advanced security settings in Wrike and be a OneLogin admin to set up Wrike with OneLogin SCIM. We recommend setting up SAML SSO integration to Wrike through OneLogin first.
Only users from approved domains will be automatically provisioned to Wrike.
-
Open your Wrike workspace.
-
Click your profile picture in the view’s upper right-hand corner.
-
Select Apps & Integrations.
-
Click Configure next to OneLogin and open the SCIM tab.
-
Scroll to the bottom of the pop-up and copy the SCIM URL. You’ll be using it in a few steps.
-
Close the OneLogin pop-up (but stay in Wrike) and move on to Step 3.
-
Click API from the left-hand side of the Apps & Integrations page.
-
Enter a name in the App name field (we suggest OneLogin SCIM).
-
Click Create new.
-
(Optional) Add an app description.
-
Scroll to the bottom of the page and click Create Token.
-
Enter your password and click Obtain token.
-
Copy the token and save it somewhere. You’ll need to enter this information in OneLogin.
Important
You’re only shown your token once, so make sure you save it before moving on to the next steps.
-
Click Save.
-
Sign in to your OneLogin domain at <yourorganization>.OneLogin.com.
-
Click Administration.
-
Click the Applications tab and select Applications from the menu.
-
Find and select Wrike.
-
Switch to the Configuration tab.
-
Add information:
-
In the SCIM Base URL field, add the URL from Step 2.
-
In the SCIM Bearer Token field, add the token from Step 3.
-
-
Click Enable next to API status.
-
Select the Provisioning tab.
-
Select Enable provisioning.
-
(Optional) Specify if approvals are required and what should happen if a user is deleted from OneLogin.
-
Click Save.
-
Ensure that the relevant user/groups are assigned to Wrike.
The following attributes are synced from OneLogin to Wrike:
-
Username
-
Given name
-
Family name
-
Primary email
-
Job title
-
Primary phone number
-
Organization name
-
Department
-
Wrike user type
Note
Wrike user type (Regular, External, Collaborator, Contributor and Viewer) is a custom attribute. By default, Regular Users are created.
If certain user attributes (e.g., phone number, department, or secondary emails) are filled in Wrike but missing in OneLogin, the information stays in Wrike even after user provisioning.
If a user doesn't get provisioned or deprovisioned:
-
Check the System Log in the OneLogin administration portal to see if a SCIM provisioning attempt is listed there.
-
If there is no provisioning attempt listed, ensure that users are properly assigned to Wrike’s application in OneLogin.
-
If an error is listed, please contact our Support Team and provide error details.
-