You must be an Admin to access the SSO/SCIM page in Team Settings and to set up SSO for your team.

Enabling SSO through OneLogin

On OneLogin's applications page, click Add App.

1. Search for "scim" and select SCIM Provisioner with SAML (Core Schema v1.1)

Setting up OneLogin SSO for Guru

2. Enter "Guru" as the Display Name and upload these icons:
Rectangular icon: https://help.getguru.com/assets/images/logo.svg
Square-shaped icon: guru_logo_1200px.png

3. Save and go to the Configuration page in the left menu.
4. In a new tab, open https://app.getguru.com/settings/integrations/sso-scim​

6. Copy these values from Guru to OneLogin:

Entering this value does not enable SCIM but OneLogin requires this value to be filled in.

7. Save and go to the SSO page in the left menu.

8. Open https://app.getguru.com/settings/integrations/sso-scim in a new tab and copy these values over from OneLogin:

  • Issuer URL -> Identity Provider Issuer

  • SAML 2.0 Endpoint (HTTP) -> Identity Provider Single Sign-On Url

  • In OneLogin under X.509 Certificate click View Details then copy the X.509 Certificate and paste into Guru.

8. At this point your Guru configuration should look like this:

Setting up OneLogin SSO for Guru

9. Click Enable SSO.

Enabling SCIM through OneLogin

To also enable SCIM, follow these steps:

  1. Open https://app.getguru.com/settings/integrations/sso-scim and where it says Authorize SCIM Provisioning, click the toggle on.

  2. In another tab, go to the configuration screen in OneLogin for the Guru application.

  3. On the Configuration page, enter these values:
    For SCIM Base URL enter: https://api.getguru.com/api/scim/v2/
    For Custom Headers enter: Content-Type: application/scim+json
    Copy the SCIM Username and SCIM Token fields from Guru, then paste both of these into OneLogin's SCIM Bearer Token field separated by a colon.
    It'll look like this: 8c3a6408-207a-4508-92a3-d923cbcff50d:9aa5ac6f-aa10-41d2-87d3-4d09d830c109

  4. On the Parameters tab click the + to add a new parameter, then:
    For Name enter: externalId
    For Value select: OneLogin ID
    Check the boxes for Include in SAML Assertion and Include in User Provisioning

  5. On the Provisioning page, check Enable Provisioning and save.

Did this answer your question?