Go to Envoy
All Collections
Apps
Directory
OneLogin Application

OneLogin Application

Learn more about the OneLogin employee provisioning application and how it can automatically sync employees into your Envoy directory.
Rawee Gobena avatar
Written by Rawee Gobena. Updated over a week ago

To learn more about single sign-on, read our SAML guide.

How does this application work?

If your team uses OneLogin for employee provisioning, you can use this app to automatically keep your Envoy employee directory up to date. The SCIM push-based system treats the OneLogin directory as your source of truth. When changes are made in OneLogin, they push immediately to Envoy, so you don’t have to worry about the Envoy employee directory being out of sync with OneLogin.

Note: You can manually create new employees or add employees from other locations while maintaining your directory sync. This feature is helpful for contractors, temps or other people who may host visitors/receive deliveries but are not core team members. Learn more about manually adding employees.

A few notes on SCIM

The SCIM standard enables advanced provisioning in order to automate user lifecycle management for an application, including account creation, profile updates, authorization settings, and account deactivation.

If you’re using this new option from OneLogin and would like to update your Envoy + OneLogin application, please contact us and read on.

Enabling the Envoy + OneLogin employee provisioning application

Note: You’ll need to have OneLogin admin privileges to complete this installation. Either become an admin or ask your admin for help before completing these steps:

  1. Prepare to enable the Envoy + OneLogin employee provisioning application (with SCIM)

    1. Decide whether you’d like to sync all users to all locations or sync specific users per location. This will impact how you set up the app.

  2. Enable the Envoy + OneLogin employee provisioning (with SCIM) app

  3. Go to your Apps > All Apps, Navigate to the Directory and SSO tab.

  4. Select "Directory Settings", find the OneLogin logo and click “Install.”

Step three: Choose an employee sync filter

When you connect an OneLogin account, you have two options on how to sync employees to your directory. Choose the one that’s right for you:

  • Sync all employees: This is good for companies with one location, or if you prefer to have the same master Envoy employee directory at all locations within your company. 

  • Sync specific employees per location: Choose this option if you’d like to sync certain OneLogin users to certain locations (i.e., creating different Envoy employee directories per location).

  • You can filter employees by location in Envoy based on available filters like “City”. If your OneLogin account does not currently have City as a field, you will need to add it by navigating to the Users tab and clicking on Add Custom Field. Then you’ll need to manually map all users to the City field.

  • To sync users per location, you’ll have to select “Sync specific users per location” in your Envoy dashboard. Copy the new Bearer Token and paste it into the Bearer Token field in your OneLogin account.

  • To add a new location after the initial mapping, you’ll need to disconnect the app in your Envoy dashboard, add the new location, and then reconnect the app to OneLogin. Before doing so, ensure that your new location’s employees are mapped in your OneLogin directory. 

Step four: Configure OneLogin settings

  1. In your OneLogin account, navigate to your OneLogin dashboard.

  2. Click on Apps and then Add Apps.

  3. Find Envoy (SAML2.0, provisioning) in your app directory and add the app. 

  4. Click on the Envoy (SAML2.0, provisioning) icon and click Save.

  5. Now on the Envoy app configuration tab, copy the OAuth Bearer Token from Envoy and enter it in the API Token field in OneLogin. 

  6. Navigate to the Provisioning tab.

  7. Make sure that “Create Users,” “Update User Attributes,” and “Deactivate Users” are all set to disable (box not checked).

  8. Select “Delete User” on the dropdown field.

  9. Click on “Enable provisioning for Envoy”. 

  10. Click Save.

  11. Under the “More Options” button, click on “Reapply entitlement mappings”.

  12. Navigate back to the Envoy Employee directory > All employees and refresh.

    1. Your employees should have imported automatically. (This can take up to a few hours.)

Important notes

Regarding adding employees

  • When updating or adding employees, Envoy will match based on the primary email address listed for the OneLogin user. If the primary email address is not found in Envoy, a new employee will be added to the Envoy employee directory.

Regarding employee contact information

  • The primary email address and phone number listed in OneLogin will be the email address and phone number listed in the Envoy employee directory. If a OneLogin user does not have a primary email address, they will not be synced to the Envoy employee directory.

Regarding assistants

  • If you plan to assign assistants manually within the web dashboard, please reach out to Envoy Support prior to setting up SCIM syncing to configure this on your account.

Did this answer your question?