AssetSonar integrates with the SCIM protocol, so you can manage your employees’ identity data in the cloud and seamlessly provision access and user rights to the AssetSonar application from any identity provider, including OneLogin.
1. What is SCIM?
SCIM, or System for Cross-domain Identity Management, is an open standard that automates user provisioning for your organization. It communicates your employees’ user identity data from identity providers to service providers.
An identity provider (IdP) system contains a robust directory of user identities and single, consistent login credentials for each of your employees. OneLogin is an example. A service provider (SP) is an enterprise SaaS application that requires these user identities so your employees can log into the application.
The SCIM protocol ensures that changes to user identities in the IdP, such as OneLogin, are automatically synced in the SP i.e., AssetSonar.
2. Why use SCIM?
Managing the user life cycle is crucial for businesses. As companies grow or experience turnover, their employee count keeps changing. They need a quick and easy way to add or delete user accounts in their company directories and simultaneously authorize or revoke employees’ access to various business applications.
Our integration with SCIM simplifies the user experience by automating your user provisioning processes. It automatically creates, updates, and deletes users in your AssetSonar account as you create, update, and delete them in IdP tools like OneLogin. Since data is communicated automatically, it saves your IT team valuable time and reduces the risk of errors stemming from manual data entry.
AssetSonar’s SCIM integration with OneLogin offers various benefits. These include:
1. Centralized user management: Manage the team from one central platform where you can invite employees, grant access to relevant users, and de-provision them when they leave the organization.
2. Strengthen your identity strategy: SCIM provisioning with OneLogin allows you to strengthen your identity strategy and manage your teams by folding AssetSonar passwords into your already established workflows.
3. Streamlined onboarding: The SCIM bridge with OneLogin reduces the work required to seamlessly onboard new employees so your IT team can spend more time on other tasks.
3. [How-to] Implement SCIM user provisioning with OneLogin
Let’s walk through the basic steps to implement SCIM-based user provisioning with OneLogin.
Step 1: Enable SCIM in AssetSonar
To enable SCIM in your AssetSonar account, follow the pathway: Settings → Integrations → User Provisioning via SCIM and select ‘Enabled.’ Hit ‘Update’.
This action reveals additional information shown below:
- SCIM Connector Base URL
- Connector Key
In Step 2, you will need to enter the two values in the ‘Tenant URL’ and ‘Secret Token’ data fields, respectively.
Step 2: Add the AssetSonar application in OneLogin
Before you go ahead and start provisioning users, you must first add the AssetSonar application to your OneLogin portal.
The process is very simple.
1. In your OneLogin account, go to Applications and enter SCIM in the search bar.
2. Select “SCIM Provisioner with SAML (SCIM v2 Enterprise)”.
3. This leads you to the Configurations page. Enter the required details and hit “Save.”
4. Once you save the generic information, more options will become available. Click on “Configuration” and scroll down to the API Connection.
5. In the SCIM base URL field, enter the URL from your SCIM settings in AssetSonar. The connector key should be entered in the “SCIM Bearer Token” section.
6. In the SCIM JSON Template, add the following schema:
{
  "schemas": [
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
    "urn:ietf:params:scim:schemas:core:2.0:User"
  ],
  "userName": "{$parameters.scimusername}",
  "name": {
    "familyName": "{$user.lastname}",
    "givenName": "{$user.firstname}",
    "formatted": "{$user.display_name}"
  },
  "emails": [{
    "value": "{$user.email}",
    "type": "work",
    "primary": true
  }],
  "title": "{$parameters.title}",
  "custom_mappings": {
    "office": "{$user.custom_fields.office}"
  },
  "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
    "department": "{$parameters.department}",
    "manager": {
      "value": "{$parameters.external_manager_id}",
      "displayName": "{$user.manager_firstname} {$user.manager_lastname}"
    }
  }
}
6.1. To map custom fields from OneLogin to AssetSonar, add them to the JSON schema under a custom_mappings scope, as shown in the JSON template above.
For example, suppose you want to map a user custom field named ‘Office Location’ in OneLogin, and the short name for this custom field in OneLogin is “office”.
To map this custom field in AssetSonar, you reference it as “scope.field_mapping_name”. So, in this example, it would be “custom_mappings.office”. Each entry inside the custom_mappings scope takes the form:
"<field_mapping_name>": "{$user.custom_fields.<short_name>}"
For this example, the entry is:
"office": "{$user.custom_fields.office}"
Once you have filled out the required fields, hit “Enable”.
7. Once you have enabled the API, click “Save”.
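A pre-flight check for the SCIM JSON template from step 6, written as an added example (it is not AssetSonar or OneLogin code). It catches two transcription errors that break a template copied from a web page, typographic quotes and a dropped closing brace, and confirms that each custom_mappings value has the `{$user.custom_fields.<short_name>}` form described in step 6.1. The function name `check_template` and the sample strings are constructed for illustration.

```python
import json
import re

CORE = "urn:ietf:params:scim:schemas:core:2.0:User"
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
# Value form this page gives for custom field mappings (step 6.1).
CUSTOM_FIELD = re.compile(r"^\{\$user\.custom_fields\.\w+\}$")
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"

def check_template(text):
    """Return a list of problems in a SCIM JSON template; empty means it passed."""
    problems = [f"line {n}: curly quote, replace with a straight quote"
                for n, line in enumerate(text.splitlines(), 1)
                if any(q in line for q in CURLY_QUOTES)]
    if problems:
        return problems  # the JSON parser would reject these lines anyway
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"line {exc.lineno}: invalid JSON ({exc.msg})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    schemas = doc.get("schemas", [])
    if CORE not in schemas:
        problems.append("core User schema URN missing from 'schemas'")
    if ENTERPRISE in doc and ENTERPRISE not in schemas:
        problems.append("enterprise block present but its URN is not in 'schemas'")
    if not doc.get("userName"):
        problems.append("'userName' is missing or empty")
    mappings = doc.get("custom_mappings", {})
    if not isinstance(mappings, dict):
        return problems + ["'custom_mappings' must be a JSON object"]
    for name, value in mappings.items():
        if not (isinstance(value, str) and CUSTOM_FIELD.match(value)):
            problems.append(f"custom_mappings.{name}: value is not a custom field placeholder")
    return problems

# Constructed samples: a trimmed copy of the template, then three broken variants.
GOOD = """{
  "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
  "userName": "{$parameters.scimusername}",
  "custom_mappings": {"office": "{$user.custom_fields.office}"}
}"""
CURLY = GOOD.replace('"custom_mappings"', "\u201ccustom_mappings\u201d")
UNCLOSED = GOOD[:-1]  # final closing brace dropped
WRONG_VALUE = GOOD.replace("{$user.custom_fields.office}", "{$user.office}")

if __name__ == "__main__":
    for label, sample in [("good", GOOD), ("curly", CURLY),
                          ("unclosed", UNCLOSED), ("wrong value", WRONG_VALUE)]:
        print(label, check_template(sample))
```

Run it against the template text before pasting it into the SCIM JSON Template field; an empty list means none of these checks failed.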
4. Importing users to Custom Roles In AssetSonar
If you want to map your users and their respective roles so that their hierarchy is reflected in AssetSonar, check the ‘Import Users to Custom Roles’ option.
Once you have checked this setting, the following options appear in the attribute and column mapping table:
Note: If the data values for Roles and Teams are not already specified in AssetSonar, the users belonging to these Roles and Teams will not get provisioned into AssetSonar. You will receive an email listing the users that could not be provisioned.
If a custom role imported from OneLogin via SCIM does not exist in AssetSonar, users belonging to that custom role can be provisioned to a default role in AssetSonar. You can set the Default Role using the option highlighted below:
Let’s say you imported users belonging to the custom role Customer Success team from OneLogin via SCIM, and this custom role is not present in AssetSonar. Users belonging to this role will be provisioned as Administrators.
If you do not wish to provision these users as Administrators, you can instead select the option ‘Provision to some role’ and assign these users a custom role that already exists in AssetSonar.
5. Provisioning User(s)
To enable the OneLogin provisioning service for AssetSonar, carry out the steps outlined below:
1. Go to the Provisioning tab and click on “Enable Provisioning”.
2. Update the remaining fields as shown below:
Once updated, hit “Save”.
Go to the Users tab and add the users you wish to provision for AssetSonar. Once you have entered all the details, click on “Save.”
Once the user is provisioned, the user status is updated.
6. Setting up Alerts for user syncs and updates
AssetSonar allows you to set up and receive alerts whenever users imported from OneLogin via SCIM are synced or updated. You can set these up from “My Alerts” and “ServiceDesk Alerts.” Select the email alerts of your preference as shown:
Moreover, the content of the email alerts can be switched to pre-generated templates that can be easily renamed or edited. The default template for email alerts is shown below.