SCIM User Provisioning with OneLogin

SCIM 2.0, the System for Cross-domain Identity Management open standard, allows for user identity information management between cloud systems. Talkdesk® enables automatic and simplified user management through the SCIM 2.0 protocol.

Over the SCIM API, Talkdesk receives the following user information, creating the user based on it: first name, last name, and e-mail address. By default, the user status is "active", which means that the licensing is automatically consumed on provisioning.

Prior to initiating the configuration, please ensure the necessary credentials to provide the service are available (OAuth token), and that enough licenses exist at Talkdesk for all the users. If at the end of the procedure, some users are provisioned with the “Deactivated” status in your Microsoft ADFS console, it may be due to the lack of licenses for all new users. In this case, please check the complete information in Agents and Licenses 

To add and/or delete users via SCIM 2.0 with OneLogin in Talkdesk, please follow these steps:

 

Notes:

  • The SCIM API does not work for Talkdesk Phone user creation. 
  • The rate limit for this API is 4 requests per second, if you encounter a 429 response status code (Too many requests), please retry within the next second.

 SCIM_user_1.png

  1. Log in to your OneLogin account, and select Applications [1].
  2. Go to the search bar [2]. Add SCIM provisioner w/SAML (SCIM v2 w/OAuth & Scope) or SCIM provisioner w/SAML (SCIM v2 w/OAuth) and hit enter.SCIM_User_2.png
  3. Add a “Display Name” [3] on the Portal section.SCIM_User_3.png
  4. Write https://api.talkdeskapp.com/scim/v2 on the “SCIM Base URL” field [4], in the “Application Details” section.SCIM_User_4.png
  5. Scroll down, and fill in the following information:
{
"schemas": [
"urn:scim:schemas:core:2.0",
"urn:ietf:params:scim:schemas:extension:talkdesk:2.0:User"
]
"userName": "{$user.email}",
"name": {
"givenName": "{$user.firstname}",
"familyName": "{$user.lastname}"
},
"active": "{$user.active}"
}

6. Copy the “schema” above. 

{
"schemas": [
"urn:scim:schemas:core:2.0",
"urn:ietf:params:scim:schemas:extension:talkdesk:2.0:User"
]
"userName": "{$user.email}",
"name": {
"givenName": "{$user.firstname}",
"familyName": "{$user.lastname}"
},
"active": "{$user.active}",
"urn:ietf:params:scim:schemas:extension:talkdesk:2.0:User": {
"rolesString": "{$parameters.rolesString}"
}
}

7. Alternatively, if you wish to assign the role to the user via SCIM, you'll need to use the above schema.

Note: If the Role field is empty, Talkdesk will create the user with the default Role Agent.

SCIM_user_6.png

8. Scroll down to the “API Connection” section and paste the “schema” info in “SCIM JSON Template” [10].

9. Hit Save [11].

 

How to Get Access to the SCIM API

Setup and enablement are conducted by Talkdesk. Please reach out to us if you wish to use this feature.

 

Token Renewal

Talkdesk SCIM API offers out-of-the-box integration with OneLogin.

For SCIM API, the default token duration for the SCIM API OAuth client is 30 days. This means you will have to renew the token every 30 days by performing the following steps:

mceclip0.png

  1. Log in to your OneLogin account, and select Administration [1].mceclip1.png
  2. On the top bar menu, go to Applications > Applications [2] and select your SCIM application.mceclip2.png
  3. On the sidebar menu, go to Configuration [3].
  4. Scroll down to the "API Connection" section and click Authenticate [4].mceclip4.png
  5. In the dialog that appears, click the link and log in to your Talkdesk account.
All Articles ""
Please sign in to submit a request.