You must be an Admin to access the SSO/SCIM page in Team Settings and to set up SSO for your team.

Enabling SSO through OneLogin

On OneLogin's Applications page, click Add App.

1. Search for "SCIM" and select SCIM Provisioner with SAML (Core Schema v1.1).

2. Enter "Guru" as the Display Name and download the linked Rectangular icon and Square icon files to use as icons.

3. Save and go to the Configuration page in the left menu.

4. In a new tab, open the SSO/SCIM page in Guru.

5. Copy these values from Guru to OneLogin:

Entering this value does not enable SCIM but OneLogin requires this value to be filled in.

6. Save and go to the SSO page in the left menu.

7. Copy these values from OneLogin to the SSO/SCIM page in Guru:

  • Issuer URL -> Identity Provider Issuer

  • SAML 2.0 Endpoint (HTTP) -> Identity Provider Single Sign-On Url

  • In OneLogin, under X.509 Certificate, click View Details, then copy the X.509 Certificate and paste it into Guru.

8. At this point your Guru configuration should look like this:

[Screenshot: Setting up OneLogin SSO for Guru]

9. Click Enable SSO in Guru.
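
Before enabling SSO, it is worth confirming that the three values copied in step 7 survived the copy-paste intact, because the pasted certificate is what Guru will trust when it verifies SAML responses. The Python check below is an added example, not Guru's or OneLogin's code; the function names, the idp.example URLs, and the premise that you have a SHA-256 fingerprint of the certificate taken on the OneLogin side are assumptions made for illustration.

```python
import base64, binascii, hashlib, re
from urllib.parse import urlsplit

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pasted):
    """SHA-256 fingerprint (AA:BB:...) of the single PEM certificate in `pasted`."""
    blocks = PEM_RE.findall(pasted)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # tolerate re-wrapped lines and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid base64 ({exc})") from None
    if der[:1] != b"\x30":  # every DER certificate starts with a SEQUENCE tag
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))

def check_idp_values(issuer, sso_url, pasted_cert, expected_fp):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    if not issuer or issuer != issuer.strip():
        problems.append("issuer: empty or has surrounding whitespace")
    url = urlsplit(sso_url)
    if sso_url != sso_url.strip() or url.scheme != "https" or not url.hostname:
        problems.append("sso_url: must be a clean https URL")
    try:
        # Accept the expected fingerprint with or without colons/spaces, any case.
        want = re.sub(r"[^0-9A-Fa-f]", "", expected_fp).upper()
        if cert_fingerprint(pasted_cert).replace(":", "") != want:
            problems.append("certificate: fingerprint does not match the IdP's")
    except ValueError as exc:
        problems.append(f"certificate: {exc}")
    return problems

# Constructed sample: placeholder DER bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    fp = cert_fingerprint(SAMPLE_PEM)
    print(fp)
    print(check_idp_values("https://idp.example/saml/metadata/1",
                           "http://idp.example/sso", SAMPLE_PEM, fp))
```

A paste that was cut off on a 4-character boundary still decodes as base64, so it is the fingerprint comparison, not the decoding step, that catches it.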

Enabling SCIM through OneLogin

To also enable SCIM, follow these steps:

1. Open the SSO/SCIM page in Guru and where it says Authorize SCIM Provisioning, click the toggle on.

2. In another tab, go to the Configuration page in OneLogin for the Guru application.

3. On the Configuration page, enter these values:

  • For SCIM Base URL, you should already see: https://api.getguru.com/api/scim/v2/.

  • For Custom Headers enter: Content-Type: application/scim+json.

  • Copy the SCIM Username and SCIM Token fields from Guru, then paste both of these into OneLogin's SCIM Bearer Token field separated by a colon.
    It'll look like this: c3a6408-207a-4508-92a3-d923cbcff50d:9aa5ac6f-aa10-41d2-87d3-4d09d830c109.

4. Under API Status, move the slider from Disabled to Enabled.

5. On the Parameters tab click the + to add a new parameter, then:

  • For Name, enter "externalId".

  • Check the boxes for Include in SAML Assertion and Include in User Provisioning and click Save.

  • For Value, select OneLogin ID and click Save.

❗️ Important

If your OneLogin instance uses something other than email for Username, change the default value for the SCIM Username parameter from Username to Email.

6. Save the Parameters page.

7. On the Provisioning page, check Enable Provisioning and click Save.
