Configure SCIM user sync

  1. Create a separate application (not an Access Policy) of type "SCIM Provisioner with SAML (SCIM v2 Core)"
  1. Name the policy, then click Save

We recommend unchecking "Require admin approval" for all 3 actions. Otherwise, you will need to manually approve any changes in the Users tab before they will be synced to Twingate. Change "When users are deleted in OneLogin" to Delete.

  1. Copy the SCIM Endpoint, JSON Template, and Token from Twingate and enter them in the Configuration tab. The other fields can be ignored.
  1. Check Enable Provisioning under the Provisioning tab
  1. Confirm that the "SCIM Username" mapping is correctly configured. The default configuration, shown below, maps "Username" to "SCIM Username", the field that Twingate uses to uniquely identify synchronized users. If your OneLogin configuration does not use the Username field for users, select "Email" for the mapping to "SCIM Username" instead.
  1. User sync should begin momentarily. Only users with Roles that are assigned to the SCIM application will be synced.
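
Before enabling provisioning, it helps to check which OneLogin field can serve as a unique "SCIM Username". The following is an added example, not Twingate or OneLogin code: it audits a constructed list of user records for missing or colliding values. The record keys `username` and `email` and the function names are assumptions made for illustration.

```python
"""Pre-sync check (added example): which OneLogin field can map to "SCIM Username"?"""
from collections import defaultdict

# Constructed sample records; the keys "username" and "email" are assumed
# names for an export of OneLogin users, not a documented format.
SAMPLE_USERS = [
    {"id": 101, "username": "alice", "email": "alice@example.com"},
    {"id": 102, "username": "", "email": "bob@example.com"},
    {"id": 103, "username": "Alice", "email": "alice.b@example.com"},
    {"id": 104, "username": "carol", "email": "carol@example.com"},
]


def audit_field(users, field):
    """Return ids with no value and groups of ids whose values collide.

    SCIM userName is case-insensitive (RFC 7643, section 4.1.1), so values
    are compared after stripping whitespace and case-folding.
    """
    missing, seen = [], defaultdict(list)
    for user in users:
        value = (user.get(field) or "").strip().casefold()
        if value:
            seen[value].append(user["id"])
        else:
            missing.append(user["id"])
    collisions = {v: ids for v, ids in seen.items() if len(ids) > 1}
    return missing, collisions


def choose_mapping(users):
    """Prefer the default Username mapping; fall back to Email; else None."""
    for field, label in (("username", "Username"), ("email", "Email")):
        missing, collisions = audit_field(users, field)
        if not missing and not collisions:
            return label
    return None


if __name__ == "__main__":
    for field in ("username", "email"):
        missing, collisions = audit_field(SAMPLE_USERS, field)
        print(f"{field}: missing={missing} collisions={collisions}")
    print("Map to SCIM Username:", choose_mapping(SAMPLE_USERS))
```

A result of `None` means neither field is populated and unique for every user, so the directory data needs cleaning before the sync is enabled.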
