Configuring SCIM 2.0 provisioning for 15Five
This guide provides the steps required to configure provisioning for 15Five, and includes the following sections:
- Configuration Steps
- Troubleshooting Tips
Automatic User Provisioning is supported for the 15Five application.
This enables OneLogin to:
- Add new users to 15Five
- Update select fields in users’ profile information in 15Five
- Deactivate users in 15Five
The following provisioning features are supported:
- Push New Users
  - New users created through OneLogin will also be created in 15Five.
- Push Profile Updates
  - Updates made to the user's profile through OneLogin will be pushed to 15Five.
- Push User Deactivation
  - Deactivating the user or disabling the user's access to the application through OneLogin will deactivate the user in 15Five.
- Import New Users
  - New users created in the third party application will be downloaded and turned into new AppUser objects, for matching against existing OneLogin users.
Before you configure provisioning for 15Five:
- Enable SCIM in your 15Five account and generate an Access Token.
Set the Configuration settings for 15Five in OneLogin as follows:
- Under Application Details > Subdomain, type the subdomain associated with your 15Five account. Usually, this subdomain will be “my”.
- If you use SAML with 15Five, replace “my” in the URL with your specific subdomain.
Under API Connection:
- SCIM 2.0 Base Url: https://my.15five.com/scim/v2/
- You can find your SCIM 2.0 Base URL in the same section from which you generated your Access Token.
- OAuth Bearer Token: Place the Access Token from 15Five here.
- Click the Enable button and check that your credentials were verified successfully. The API Status indicator will change to a green “Enabled” if the credentials were verified successfully.
Configure your Provisioning settings for 15Five in OneLogin as follows:
- Ensure “Enable provisioning for 15Five” is enabled.
- (Optional) For added security, select the checkboxes for the actions that should require admin approval before being sent to 15Five.
- Ensure “When users are deleted in OneLogin, perform this action in 15Five” is set to “Delete”.
When you give a OneLogin user access to 15Five for the first time, a new user is created in 15Five. If SSO is enabled for that user’s company in 15Five, that user will be sent a welcome email with a link to the SSO page at 15Five. If SSO is not enabled, that user will be sent a link to sign in and set their password.
First, add your group in 15Five at https://subdomain.15fiveit.com/group/list.
Below, we've added a group called Leadership.
Then, within OneLogin, navigate to the 15Five app and then to the Provisioning tab within that app.
Under Entitlements, click the Refresh link. Clicking this link will import all of the groups available in 15Five into OneLogin. You will now be able to associate a user with a group within OneLogin and have that association propagated to 15Five via SCIM.
To associate a group with a user, navigate to that user's profile in OneLogin, move the group from the "Available Values" section to the "Selected values" section, and click save.
The user should now be a member of the group in 15Five.
Troubleshooting + Support
Manager/Reviewer not syncing?
Make sure that the manager exists within 15Five prior to provisioning any reporters for that manager. 15Five will ignore any manager assignments that include managers not present in 15Five.
Changing a userName?
15Five depends on the uniqueness of a user’s email address. Therefore, provisioning will fail if a user’s userName is updated but their email address is not. Ensure these two values (userName and email) are the same, and retry the provisioning if it has failed.
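The two troubleshooting cases above can be checked before a batch is pushed. The following is an added example, not code from 15Five or OneLogin: it flags records whose userName differs from the primary email and orders the batch so that managers come before their reports. The sample records are constructed, and the example assumes the manager reference holds the manager's userName.

```python
ENTERPRISE = "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"

def primary_email(user):
    """Primary email value, else the first listed, else None."""
    emails = user.get("emails") or []
    for entry in emails:
        if entry.get("primary"):
            return entry.get("value")
    return emails[0].get("value") if emails else None

def preflight(users, existing=()):
    """Return (push_order, problems). existing = userNames already in 15Five."""
    # Assumption: manager.value holds the manager's userName in this data.
    problems, pending = [], {}
    for user in users:
        name, email = user["userName"], primary_email(user)
        if email is None or name.lower() != email.lower():
            problems.append((name, f"userName does not match email {email!r}"))
        # Manager reference from the SCIM enterprise extension, or None.
        pending[name] = ((user.get(ENTERPRISE) or {}).get("manager") or {}).get("value")
    known, order, progress = {n.lower() for n in existing}, [], True
    while pending and progress:  # release users whose manager is already known
        progress = False
        for name in sorted(pending):
            mgr = pending[name]
            if mgr is None or mgr.lower() in known:
                order.append(name)
                known.add(name.lower())
                del pending[name]
                progress = True
    for name in sorted(pending):  # manager absent, or a reporting cycle
        problems.append((name, f"manager {pending[name]!r} not in 15Five or batch"))
        order.append(name)
    return order, problems

SAMPLE = [  # constructed records, not real accounts
    {"userName": "ana@example.com", "emails": [{"value": "ana@example.com", "primary": True}],
     ENTERPRISE: {"manager": {"value": "bo@example.com"}}},
    {"userName": "bo@example.com", "emails": [{"value": "bo@example.com", "primary": True}],
     ENTERPRISE: {"manager": {"value": "ceo@example.com"}}},
    {"userName": "cy.new@example.com", "emails": [{"value": "cy@example.com", "primary": True}]},
    {"userName": "di@example.com", "emails": [{"value": "di@example.com", "primary": True}],
     ENTERPRISE: {"manager": {"value": "gone@example.com"}}},
]

if __name__ == "__main__":
    print(preflight(SAMPLE, existing=["ceo@example.com"]))
```

Users listed in the problems output are still placed in the push order (those with an unresolved manager go last), so the list can be reviewed before deciding whether to fix the record or push it as is.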
This integration is built and supported by 15Five and our support team. Contact the 15Five support team at email@example.com if any issues arise.