Skip to content

Screenshot

Integrating with OneLogin

Satori provides you with the ability to integrate with OneLogin, a secure identity provider designed to protect your organization by securing and centralizing your applications, devices, and end-users all-in-one place.

Ensure that you have first setup the SCIM integration in Satori according to the following instructions:

Before you Start - Setup the SCIM Protocol

Satori integrates with identity providers to manage users and groups via the SCIM protocol.

SCIM - A System for Cross-domain Identity Management is a protocol for user management across multiple applications. It allows an IT or Operations team to easily provision (add), de-provision (deactivate), and update user data across multiple applications at once.

Screenshot

Setting up SCIM in Satori

To set up the SCIM integration in the Satori Management Console, perform the following steps:

  1. Go to the Satori management console and select the Settings from the kabab menu.
  2. Now, select the Integration view and click on the SCIM Integration tile.

  3. Click the Generate Access Token button.

    NOTE: Remember to save the Provisioning URL and the SCIM Access Token as you will require them in order to complete the SCIM integration.

  4. Your Satori SCIM integration should now appear as an active integration tile in Satori.

  5. Now select your IP and continue the integration process accordingly.

Note: If you want to enable your SSO login to access Satori then refer to the following section in the SSO documentation Satori SSO Documentation. You can use the same app that you created for the SSO integration for your SCIM integration.

OneLogin Integration - Step 1

To integrate OneLogin with Satori you can use an existing OneLogin application or create a new one. To create an integration between OneLogin and Satori perform the following steps:

  1. To add an app to your company app catalog, go to Applications > Applications and click the Add App button.
  2. Now search for SCIM Provisioner with SAML (SCIM v2 Enterprise).
  3. Provide the display name for your new application.
  4. Click SAVE
  5. Now select the Configuration view. (For new and existing apps)
  6. Refer to the section called Setting Up SCIM in Satori and copy the relevant values as they appear in task number four.
  7. Enter the Provisioning URL in the SCIM Base URL input field
  8. Enter the SCIM access token in the SCIM Bearer Token input field.
  9. Click the Enable button
  10. The Onelogin API Connection should now become Enabled.
  11. Click Save

OneLogin User Integration - Step 2

Once you have created your OneLogin application you must now enable the workflow provisioning.

  1. Select the Provisioning view
  2. Check the Enable Provisioning checkbox.
  3. Click Save

Note: You have now configured the OneLogin application to support individual users.

OneLogin Group (Role) Integration - Step 3

Now you will configure groups for you application:

  1. Select the Parameters view.
  2. Select the Groups option in the SCIM Provisioner with SAML table.
  3. Click the Include in user provisioning checkbox.
  4. Click Save in the popup dialog.
  5. Now click Save in the OneLogin application.
  6. Select the Rules view and click the Add Rule button.
  7. Provide a new mapping name.
  8. Go to the Actions section and select the Set Groups in drop menu item.
  9. Check the Map from OneLogin radio button.
  10. Select Role from the For Each drop menu list.
  11. Now enter .* in the corresponding input field.
  12. Click Save.
  13. Click Save in the OneLogin application.

Note: You have now configured the OneLogin application to support group provisioning.

Syncing OneLogin Users with Satori

To synchronize OneLogin users with Satori, perform the following steps:

  1. Click on the Users drop menu from the OneLogin application header and select the Users drop menu list item.
  2. Now click on a specific user from the list.
  3. Click the Applications view.
  4. Click the Plus button.
  5. Select the relevant application from the drop menu list.
  6. Click the Continue button.
  7. Click Save.
  8. Now click the Save User button

Note: You must repeat this procedure for each user that you want to add to Satori.

Syncing OneLogin Roles with Satori Groups

To synchronize OneLogin roles (groups) with Satori, perform the following steps:

  1. Click on the Users drop menu from the OneLogin application header and select the Roles drop menu list item.
  2. Now click on a specific role from the list.
  3. Click the Applications view.
  4. Click the Plus button.
  5. Select the relevant application.
  6. Click Save.

Note: You must add users to a OneLogin role in order to enable the provisioning of this role.

Note: Renaming a role in OneLogin will not rename the group in Satori. A new group with a new name will be created in Satori and the relevant users will be assigned to it, and removed from the old group. The old group should be manually removed from Satori.

Important Note: If you delete groups from OneLogin you must manually remove them from Satori.

Provisioning Failure State

When failed provisioning states occur or for updating group names or when there are unsynchronized resources, perform the following:

Click the Reapply entitlement mapping drop menu item from the More Actions drop menu list to refresh the app state.