Problem

You would like to set up real-time provisioning and de-provisioning of your employee data via your SSO Provider (e.g. Okta or OneLogin).

Solution

Take advantage of your SSO provider's SCIM-based user provisioning and de-provisioning features:

  • Push New Users. Your SSO provider notifies us whenever a new user is created, so that we can create a new user on our end.
  • Push Profile Updates. Your SSO provider notifies us whenever an existing user's details are changed, so that we can reflect these changes on our end.
  • Push User Deactivation. Your SSO provider notifies us whenever an existing user has been de-activated, so that we can de-provision this user on our end.

Step-­by-­Step Configuration Instructions

1) In your PlusPlus instance, click on your profile, and select Settings

2) When in Settings, click on SSO & Security and scroll down to SCIM.

3) Turn on “Enable SCIM provisioning integration” and save the form.

4) Configure a new the SCIM integration with your SSO Provider.

  • See your provider's documentation on how to do this: Okta or OneLogin
  • You'll need to copy-paste Base URL and API Token from the SCIM section

Discussion

While the SCIM-based integration is near real-time, it carries a lot less data about the employee record. Because of that, we do not run any of the automated rules in response to callbacks from your SSO/SCIM provider.

That said, this integration is can be configured to run along-side our other two people integrations:

  1. People Integration: Direct API
  2. People Integration: CSV over SFTP

See Also

Did this answer your question?