Setting up SCIM on Ping Identity

You can configure SCIM provisioning between Ping Identity and Haiilo to import your users and groups from Ping Identity. 

These instructions are for reference only. When implementing SCIM, it's important to consider your organization's specific policies and best practices. These instructions focus on configuring SCIM on Ping's side and include Ping-specific details that are current at the time of writing. We suggest reviewing Ping's documentation on setting up SCIM for more information → Creating a SCIM connection

1. Start setting up a SCIM user directory on Haiilo

You need "Manage user directories" permission on Haiilo to set up a user directory.

  1. Go to Administration > User directories.
  2. Select Create user directory to add a new user directory.
  3. Enter a name.
  4. Choose a type: SCIM.
  5. Activate the directory.
  6. In the API clients tab, select Create to create an API client pair.
  7. Copy and save the Client ID and Client Secret for later use. The client secret is generated only after saving and is only visible once.
  8. Select Save to save the user directory. 

2. Set up a SCIM provisioning connection on Ping

You need admin rights on Ping to configure provisioning in an environment.

  1. Log in to the PingOne admin console and manage your environment.

  2. Go to Integrations > Provisioning.
  3. Click   New Connection.SCIM on Ping1.png
  4. On the Identity Store line, click Select.
  5. Find the SCIM Outbound tile, click Select, and then click Next.SCIM on Ping2.png
  6. Enter a name and description for this provisioning connection.
  7. Click Next.

  8. Enter the following information to Configure Authentication:

    SCIM BASE URL https://<your-haiilo-domain>/api/scim/v2
    SCIM Version 2.0
    Users Resource /Users
    Groups Resource /Groups
    Authentication Method OAuth 2 Client Credentials

    OAuth Token Request

    		 https://<your-haiilo-domain>/api/oauth/token

    Oauth Client ID

    		 The Client ID you copied from your SCIM user directory setup in Haiilo.

    Auth Type Header

    		 Bearer

    Oauth Client Secret

    		 The Client Secret you copied from your SCIM user directory setup in Haiilo.
  9. Click Next.
  10. Under Configure Preferences, all fields can stay as they are or be adjusted according to your setup needs. For example, you can decide which Actions you want to use. 

  11. Click Save to apply the provisioning connection.

  12. Finally, enable the SCIM connection by switching the toggle on.

SCIM on Ping3.png

3. Define a rule between Ping and Haiilo

  1. In Integrations > Provisioning, again click   New Rule.

  2. Enter a fitting name and click Create Rule.
  3. Select next to the connection established earlier and click Save.
  4. Configure User Filter:

    1. Select the pen icon next to User Filter to edit the user filters as per your organization's requirements. A user filter decides which users will get access to Haiilo. Add at least the following filter: 

      Attribute: Enabled Operator: Equals Value: true
    2. Click Save.SCIM on Ping4.png
  5. Configure Attribute Mapping
    1. The Attribute Mapping section can remain unchanged.

  6. Configure Group Provisioning:

    1. If you want to sync groups and group membership from Ping to Haiilo, select the pen icon next to Group Provisioning and choose the groups you want to sync. Otherwise, leave the section as is.SCIM on Ping5.png

  7. When you're ready, enable the new rule by toggling the switch on.

Congratulations! You've now successfully enabled SCIM provisioning. The sync will start automatically.

Was this article helpful?

0 out of 0 found this helpful