search
Customer Support

PingOne - SCIM - Configuration

circle-check

hashtag
Important Note

The instructions in this article cover a third-party app and may not reflect the latest version. Please use these instructions as a guide to complete the task, but be aware that some screens, field names, and steps may have changed.

hashtag
Overview

This article provides details on configuring a PingOne identity provider to use Flosum's SCIM API. For more information about SCIM, see the following article.

circle-exclamation

hashtag
Customer-Hosted

Customers who host Flosum Apps on their own infrastructure will have a custom URL for logging into their apps. When using this documentation, replace any Flosum Hosted URLs with your own URLs.

hashtag
Prerequisites

Before setting up automated provisioning, ensure SAML-based SSO is properly configured and fully functional in your Flosum tenant.

Ensure your Attribute mappings are correctly set. See the screenshot and table below.

Claim Name
Value

userUniqueId

User ID

firstName

Given Name

lastName

Family Name

email

Email Address

For instructions for adding and configuring a PingOne identity provider, see the following articles.

hashtag
Configure PingOne

1

hashtag
Create SCIM Outbound Connection

circle-info

hashtag
SCIM Outbound Provisioning

This method allows identities to flow from PingOne to Flosum Cloud Apps, with changes occurring almost instantly. When a user account is changed in PingOne, Flosum immediately reflects the update.

  1. Navigate to the Integration section in the left sidebar menu.

  2. Click the Provisioning tab.

  3. Click the + icon next to the Provisioning title.

  4. Click Select for the Identity Store type.

  5. Select SCIM Outbound for the connection.

  6. Click Next.

2

hashtag
Name Connection

  1. Complete the Connection Icon, Name, and Description fields to help identify this connection.

  2. Click Next.

3

hashtag
Configure Authentication

Refer to the screenshot for an example of configuring the authentication settings to connect to Flosum's SCIM API.

  1. In the SCIM Base URL textbox, enter the SCIM API URL for your region from the table below.

Region
SCIM API URL

United States

https://global-us.flosum.app/api/v1/scim

Germany

https://global-de.flosum.app/api/v1/scim

Japan

https://global-jp.flosum.app/api/v1/scim

Australia

https://global-au.flosum.app/api/v1/scim

  1. In the Oauth Access Token textbox, enter your Global Settings API Token. If you don't have an API Token, see the following article for instructions on creating one.

    1. Creating an API Token

  2. In the Users Resource textbox, enter /Users.

circle-info

The Flosum SCIM API does not support Group provisioning at this time, so leave the Group Resources textbox blank.

  1. Click Test Connection.

  2. If the test connection was successful, click Next.

circle-info

If you don't receive a connection confirmation, check the SCIM Base URL and ensure it isn't blocked by firewalls or other network traffic interceptors. Then verify that the API Token is correct.

4

hashtag
Configure Preferences

Refer to the screenshot for an example of configuring the preferences for connecting with Flosum's SCIM API.

circle-exclamation

Flosum uses the email address as the username. Make sure the User Identifier is mapped to workEmail.

  1. Select workEmail for the User Identifier dropdown.

  2. Select either option for Group Membership Handling, since group provision is not supported by the Flosum SCIM API.

  3. Check the Enable users creation checkbox.

  4. Check the Enable users updation checkbox.

  5. (Optional) When the Enable users disable setting is enabled, users disabled in PingOne are automatically disabled in Flosum.

  6. Check the Enable users deprovision checkbox. When checked, users deleted in PingOne are automatically deleted in Flosum.

  7. Select the Delete or Disable in the Remove Action dropdown.

  8. (Optional) When Deprovision on rule deletion is enabled, all users provisioned by this rule in Flosum will be removed (deleted or disabled) when the rule is deleted.

  9. Click Save.

5

hashtag
Create Rule

Create a rule for the connection created above.

  1. Choose PingOne as the Source.

  2. Choose the connection you created for Flosum's SCIM API as the Target.

  3. Enter a Name for the rule.

  4. Configure directory settings for outbound provisioning. Choose which users to sync from PingOne to Flosum, based on population or user attributes.

  5. Map attributes between PingOne and Flosum to ensure users are provisioned correctly. See the screenshot and table below on how to set the correct attribute mappings.

PingOne Attribute
Flosum API Attribute

Enabled

active

Family Name

familyName

GivenName

givenName

EmailAddress

userName

EmailAddress

workEmail

Timezone

timeZone

  1. Click Save.

6

hashtag
Enable Provisioning

Once you've set up the rule and connection for the Flosum SCIM API, turn on both to enable provisioning. In PingOne, provisioning occurs immediately after you create, delete, or edit users.

PreviousOkta - SCIM - ConfigurationNextMFA Devices

Last updated

Was this helpful?