You must be an Admin to access the SSO/SCIM page in Team Settings and to set up SSO for your team.
Enabling SSO through OneLogin
On OneLogin's Applications page, click Add App.
1. Search for "SCIM" and select SCIM Provisioner with SAML (Core Schema v1.1).
3. Save and go to the Configuration page in the left menu.
4. In a new tab, open the SSO/SCIM page in Guru.
5. Copy these values from Guru to OneLogin:
Audience URI -> SAML Audience URL
Single Sign On URL -> SAML Consumer URL
For SCIM Base URL enter: https://api.getguru.com/api/scim/v2
Entering this value does not enable SCIM but OneLogin requires this value to be filled in.
6. Save and go to the SSO page in the left menu.
7. Copy these values from OneLogin to the SSO/SCIM page in Guru:
Issuer URL -> Identity Provider Issuer
SAML 2.0 Endpoint (HTTP) -> Identity Provider Single Sign-On Url
In OneLogin under X.509 Certificate click View Details then copy the X.509 Certificate and paste into Guru.
8. At this point your Guru configuration should look like this:
9. Click Enable SSO in Guru.
Enabling SCIM through OneLogin
To also enable SCIM, follow these steps:
1. Open the SSO/SCIM page in Guru and where it says Authorize SCIM Provisioning, click the toggle on.
2. In another tab, go to the Configuration page in OneLogin for the Guru application.
3. On the Configuration page, enter these values:
For SCIM Base URL, you should already see:
For Custom Headers enter:
Copy the SCIM Username and SCIM Token fields from Guru, then paste both of these into OneLogin's SCIM Bearer Token field separated by a colon.
It'll look like this:
4. Under API Status, move the slider from Disabled to Enabled.
5. On the Parameters tab click the + to add a new parameter, then:
For Name, enter "externalId".
Check the boxes for Include in SAML Assertion and Include in User Provisioning and click Save.
For Value, select OneLogin ID and click Save.
If your OneLogin instance uses something other than email for Username, change the default value for the SCIM Username parameter from Username to Email.
6. Save the Parameters page.
7. On the Provisioning page, check Enable Provisioning and click Save.