OneLogin - Creating Custom Attributes for SCIM User Provisioning

Learn how to create and map custom attributes as a part of user provisioning to the Staffbase platform using SCIM.

In this article, you will learn how to create and map custom attributes to provision users from your identity provider to the Staffbase platform using SCIM.

You can define the SCIM schema for user attributes and extend it with custom attributes. These custom attributes can be specific to your Staffbase platform users.

For example, you can create additional custom profile fields to record your users' skills in the Staffbase platform. If you want to automatically provision values to a custom profile field using SCIM, do the following:

  1. Create a custom attribute in your identity provider.
  2. Copy the custom attribute and paste it into the Qualified SCIM name field for the custom field in the Staffbase Studio.

The schema for creating the custom attributes is urn:ietf:params:scim:schemas:extension:{{CompanyName}}:2.0:User:{{CustomAttribute}}, you need to input the values within {{ }}.
Here, CompanyName is the name of your company and CustomAttribute is the name you want to give the new custom attribute that you want to create.
If your CompanyName is showcase and the custom attribute you want to create is custom_department.
The schema will look like this: urn:ietf:params:scim:schemas:extension:showcase:2.0:User:custom_department.

Prerequisites

  • SCIM is already activated for your organization.
  • You have already set up the default mapping in OneLogin.
  • You have the permissions required to create custom attributes in your identity provider.

The schema for creating custom attributes is the same for all Staffbase supported identity providers. Learn more about the identity providers that Staffbase supports.

Create custom attributes in OneLogin

In the same section where you configured your default mappings, you can also add custom attributes to provision information to custom profile fields in Staffbase.

  1. In OneLogin, go to Administration.
OneLogin Administation
  1. Click Applications > Applications.
OneLogin Applications Menu
  1. Select your existing application for the Staffbase SSO/SAML configuration by filtering the overview and clicking on the name.
OneLogin Select App
  1. Under Configuration, navigate to API. The JSON Template contains the SCIM mappings:
OneLogin SCIM JSON
  1. Customize the JSON template according to your business needs.
    See Default template and the example of how to add additional attributes to a template.
  2. Click Save to save the customization you added.

Default template

The minimum default mapping required for Staffbase contains the following attributes:

  • externalId
  • Firstname
  • Lastname
  • Email

The JSON template for the attributes looks like this:

1{
2  "schemas": [
3    "urn:scim:schemas:core:2.0",
4    "urn:scim:schemas:extension:enterprise:2.0"
5  ],
6  "externalId": "{$user.id}",
7  "name": {
8    "familyName": "{$user.lastname}",
9    "givenName": "{$user.firstname}"
10  },
11  "emails": [
12    {
13      "value": "{$user.email}",
14      "type": "work",
15      "primary": true
16    } 
17  ]
18}

Add additional attributes

An example of an additional attribute custom_department for the company name showcase.

Example department custom attribute

  • Full schema for the Qualified SCIM name: urn:ietf:params:scim:schemas:extension:{CompanyName}:2.0:User:{CustomField}
  • {CompanyName}: showcase
  • {CustomField}: custom_department
  • Qualified SCIM name in Staffbase: urn:ietf:params:scim:schemas:extension:showcase:2.0:User:custom_department
  • New JSON schema: urn:ietf:params:scim:schemas:extension:showcase:2.0:User
  • New JSON attribute: custom_department as part of urn:ietf:params:scim:schemas:extension:showcase:2.0:User

Add the following to the template as shown in the example below:

  • custom schema to the JSON (line 5): urn:ietf:params:scim:schemas:extension:showcase:2.0:User
  • custom attribute to the JSON (line 19-21): urn:ietf:params:scim:schemas:extension:showcase:2.0:User:custom_department
1{
2  "schemas": [
3    "urn:scim:schemas:core:2.0",
4    "urn:scim:schemas:extension:enterprise:2.0",
5    "urn:ietf:params:scim:schemas:extension:showcase:2.0:User"
6  ],
7  "externalId": "{$user.id}",
8  "name": {
9    "familyName": "{$user.lastname}",
10    "givenName": "{$user.firstname}"
11  },
12  "emails": [
13    {
14      "value": "{$user.email}",
15      "type": "work",
16      "primary": true
17    } 
18  ],
19  "urn:ietf:params:scim:schemas:extension:showcase:2.0:User": {
20        "custom_department": "{$parameters.department}",
21  }
22}

Configure SCIM attribute for a custom profile field

Now, you can give the custom attribute schema you created to the Staffbase administrator, who can configure the custom profile field. Learn more.

In the above example, the custom attribute schema looks like this: urn:ietf:params:scim:schemas:extension:showcase:2.0:User:custom_department

Additional helpful information