Problem
You would like to set up real-time provisioning and de-provisioning of your employee data via your SSO Provider (e.g. Okta or OneLogin).
Solution
Take advantage of your SSO provider's SCIM-based user provisioning and de-provisioning features:
- Push New Users. Your SSO provider notifies us whenever a new user is created, so that we can create a new user on our end.
- Push Profile Updates. Your SSO provider notifies us whenever an existing user's details are changed, so that we can reflect these changes on our end.
- Push User Deactivation. Your SSO provider notifies us whenever an existing user has been de-activated, so that we can de-provision this user on our end.
Step-by-Step Configuration Instructions
1) In your PlusPlus instance, click on your profile, and select Settings
2) When in Settings, click on SSO & Security and scroll down to SCIM.
3) Turn on “Enable SCIM provisioning integration” and save the form.
4) Configure a new the SCIM integration with your SSO Provider.
- See your provider's documentation on how to do this: Okta or OneLogin
- You'll need to copy-paste Base URL and API Token from the SCIM section
Discussion
While the SCIM-based integration is near real-time, it carries a lot less data about the employee record. Because of that, we do not run any of the automated rules in response to callbacks from your SSO/SCIM provider.
That said, this integration is can be configured to run along-side our other two people integrations: