You must be an Admin to access the SSO/SCIM page in Team Settings and to set up SSO for your team.
Enabling SSO through OneLogin
On OneLogin's applications page, click Add App.
1. Search for "scim" and select SCIM Provisioner with SAML (Core Schema v1.1)
3. Save and go to the Configuration page in the left menu.
4. In a new tab, open https://app.getguru.com/settings/sso
6. Copy these values from Guru to OneLogin:
- Audience URI -> SAML Audience URL
- Single Sign On URL -> SAML Consumer URL
- For SCIM Base URL enter: https://api.getguru.com/api/scim/v2
Entering this value does not enable SCIM but OneLogin requires this value to be filled in.
7. Save and go to the SSO page in the left menu.
8. Open https://app.getguru.com/settings/sso in a new tab and copy these values over from OneLogin:
- Issuer URL -> Identity Provider Issuer
- SAML 2.0 Endpoint (HTTP) -> Identity Provider Single Sign-On Url
- In OneLogin under X.509 Certificate click View Details then copy the X.509 Certificate and paste into Guru.
8. At this point your Guru configuration should look like this:
9. Click Enable SSO.
Enabling SCIM through OneLogin
To also enable SCIM, follow these steps:
- Open https://app.getguru.com/settings/sso and where it says Authorize SCIM Provisioning, click the toggle on.
- In another tab, go to the configuration screen in OneLogin for the Guru application.
- On the Configuration page, enter these values:For SCIM Base URL enter:
https://api.getguru.com/api/scim/v2/For Custom Headers enter:
Content-Type: application/scim+jsonCopy the SCIM Username and SCIM Token fields from Guru, then paste both of these into OneLogin's SCIM Bearer Token field separated by a colon. It'll look like this:
- On the Parameters tab click the + to add a new parameter, then:For Name enter: externalIdFor Value select: OneLogin IDCheck the boxes for Include in SAML Assertion and Include in User Provisioning
- On the Provisioning page, check Enable Provisioning and save.