Fellow

This guide contains the following sections:

<a href="https://help.fellow.app/en/articles/5760933-okta-integration-guide-scim#h_b26cf628ef">Supported Features</a>

<a href="https://help.fellow.app/en/articles/5760933-okta-integration-guide-scim#h_f252c19f82">Requirements</a>

<a href="#h_57457b9333">Enable the integration in Fellow</a>

<a href="#h_5e17d02183">Configuring SCIM params in OneLogin</a>

<a href="https://help.fellow.app/en/articles/5760933-okta-integration-guide-scim#h_e187ae6131">Troubleshooting and Tips</a>

- <a href="https://help.fellow.app/en/articles/5760933-okta-integration-guide-scim#h_b26cf628ef">Supported Features</a>
- <a href="https://help.fellow.app/en/articles/5760933-okta-integration-guide-scim#h_f252c19f82">Requirements</a>
- <a href="#h_57457b9333">Enable the integration in Fellow</a>
- <a href="#h_5e17d02183">Configuring SCIM params in OneLogin</a>
- <a href="https://help.fellow.app/en/articles/5760933-okta-integration-guide-scim#h_e187ae6131">Troubleshooting and Tips</a>

- Create Users. New users created in OneLogin will be automatically synced and created in Fellow
- Update User Attributes. Changes in OneLogin users profiles, assigned to an application, will be synced to Fellow
- Deactivate Users. Deactivation of users in OneLogin will result in unable them to log in plus marking as "Inactive" in Fellow
- Reactivate Users. Users, reactivated in OneLogin, will be able to log in into Fellow again and be marked as "Active"
- Group Push. Groups created in OneLogin can be synced into Fellow as Teams ​ ​

You need to have a Fellow account with an <a href="https://help.fellow.app/en/articles/4252549-our-enterprise-plan">Enterprise plan</a> to use this feature, and it must be enabled by a team including a Fellow admin and a OneLogin admin (or your IT team) ​ ​

1. From a workspace administrator account, navigate to the Account Integrations section in Settings, and then to the SCIM card.
 
 
2. Click the Connect button on the top right corner of the page ​ ​
3. You will then see this form: ​
 
 
4. Then press Regenerate token, confirm an action: ​
 
 
5. After, copy your SCIM token, save it temporarily in a safe place, it is required for the next step ​
 
 ​

1. Log in to your OneLogin account, and navigate to Applications (URL: https://&lt;your_workspace&gt;.onelogin.com/admin2/apps) ​
2. Click on the "Add app" button ​
 
 
3. In the search input, type "SCIM" and select "SCIM Provisioner with SAML (SCIM v2 Enterprise)" app ​
 
 
4. Specify basic params and click "Save" at the next screen ​
 
 
5. On the app detail page, navigate to the "Configuration" tab ​
 1. Set <code>http://fellow.app/scim/v2</code> as a "SCIM Base URL" ​
 2. Paste this config into a "SCIM JSON Template":
 { "schemas": [ "urn:scim:schemas:core:2.0", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ], "userName": "{$parameters.scimusername}", "name": { "familyName": "{$user.lastname}", "givenName": "{$user.firstname}", "formatted": "{$user.display_name}" }, "emails": [{ "value": "{$user.email}", "type": "work", "primary": true }], "title": "{$parameters.title}", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "department": "{$parameters.department}", "manager": { "value": "{$parameters.managerEmail}", "displayName": "{$user.manager_firstname} {$user.manager_lastname}" } } }
 
 3. Copy your token from Fellow into the "SCIM Bearer Token" field, then click the "Save" button ​
 4. On the same page, click on the "Enable" button ​
 
 
6. Navigate to the "Parameters" tab and hit a "+" button to add a new param ​
 
 
 1. In the "Field name" type "managerEmail", check the "Include in User Provisioning" checkbox, then click "Save" ​
 
 
 2. In the next modal, select a related field as a "Manager Email" (you can start typing to search for it) ​
 
 
 3. Then click on the "SCIM Username" field ​
 
 ​
 4. And select the "email" as a value, then click "Save" ​
 
 
 5. So the resulting params page should be like that: ​
 
 
7. [Optional] To add groups sync, you can add custom rules. See the <a href="https://developers.onelogin.com/scim/create-app#provgroups" rel="nofollow noopener noreferrer" target="_blank">OneLogin article</a> for that ​
8. Finally, the last step - navigate to "Provisioning" tab, check "Enable provisioning" and click "Save" ​
 
 
9. Now you can assign users to an app and have them synced to Fellow

1. Supported Features
 - Create Users. New users created in OneLogin will be automatically synced and created in Fellow
 - Update User Attributes. Changes in OneLogin users profiles, assigned to an application, will be synced to Fellow
 - Deactivate Users. Deactivation of users in OneLogin will result in unable them to log in plus marking as "Inactive" in Fellow
 - Reactivate Users. Users, reactivated in OneLogin, will be able to log in into Fellow again and be marked as "Active"
 - Group Push. Groups created in OneLogin can be synced into Fellow as Teams ​ ​
2. Requirements
 You need to have a Fellow account with an <a href="https://help.fellow.app/en/articles/4252549-our-enterprise-plan">Enterprise plan</a> to use this feature, and it must be enabled by a team including a Fellow admin and a OneLogin admin (or your IT team) ​ ​
3. Enable the integration in Fellow
 1. From a workspace administrator account, navigate to the Account Integrations section in Settings, and then to the SCIM card.
 
 
 2. Click the Connect button on the top right corner of the page ​ ​
 3. You will then see this form: ​
 
 
 4. Then press Regenerate token, confirm an action: ​
 
 
 5. After, copy your SCIM token, save it temporarily in a safe place, it is required for the next step ​
 
 ​
4. Configuring SCIM params in OneLogin
 1. Log in to your OneLogin account, and navigate to Applications (URL: https://&lt;your_workspace&gt;.onelogin.com/admin2/apps) ​
 2. Click on the "Add app" button ​
 
 
 3. In the search input, type "SCIM" and select "SCIM Provisioner with SAML (SCIM v2 Enterprise)" app ​
 
 
 4. Specify basic params and click "Save" at the next screen ​
 
 
 5. On the app detail page, navigate to the "Configuration" tab ​
 1. Set <code>http://fellow.app/scim/v2</code> as a "SCIM Base URL" ​
 2. Paste this config into a "SCIM JSON Template":
 { "schemas": [ "urn:scim:schemas:core:2.0", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User" ], "userName": "{$parameters.scimusername}", "name": { "familyName": "{$user.lastname}", "givenName": "{$user.firstname}", "formatted": "{$user.display_name}" }, "emails": [{ "value": "{$user.email}", "type": "work", "primary": true }], "title": "{$parameters.title}", "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": { "department": "{$parameters.department}", "manager": { "value": "{$parameters.managerEmail}", "displayName": "{$user.manager_firstname} {$user.manager_lastname}" } } }
 
 3. Copy your token from Fellow into the "SCIM Bearer Token" field, then click the "Save" button ​
 4. On the same page, click on the "Enable" button ​
 
 
 6. Navigate to the "Parameters" tab and hit a "+" button to add a new param ​
 
 
 1. In the "Field name" type "managerEmail", check the "Include in User Provisioning" checkbox, then click "Save" ​
 
 
 2. In the next modal, select a related field as a "Manager Email" (you can start typing to search for it) ​
 
 
 3. Then click on the "SCIM Username" field ​
 
 ​
 4. And select the "email" as a value, then click "Save" ​
 
 
 5. So the resulting params page should be like that: ​
 
 
 7. [Optional] To add groups sync, you can add custom rules. See the <a href="https://developers.onelogin.com/scim/create-app#provgroups" rel="nofollow noopener noreferrer" target="_blank">OneLogin article</a> for that ​
 8. Finally, the last step - navigate to "Provisioning" tab, check "Enable provisioning" and click "Save" ​
 
 
 9. Now you can assign users to an app and have them synced to Fellow