Sync Data to User Reference Input Type Using SCIM with OneLogin

Learn how to configure SCIM mapping to provision user reference input type for profile fields.

Employee App
Front Door Intranet

In this article, you will learn how to configure System for Cross-domain Identity Management (SCIM) mapping, with OneLogin as the identity provider (IdP), to provision the user reference input type as a profile field.

This article uses OneLogin as the IdP to configure SCIM. The same approach applies when managing SCIM with other IdPs. Learn more about other supported IdPs.

Prerequisites

Add new mapping for user reference input type

You need to open the SCIM JSON template of the application you created in OneLogin for user provisioning in order to add a new mapping for the user reference input type.

  1. In OneLogin, navigate to the JSON template that contains the SCIM mappings.
    See Creating Custom Attributes in OneLogin.
  2. To add a new attribute using the user reference, for example a manager, add the following in the JSON template as shown in the code snippet:
    • Qualified SCIM name in Staffbase: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value (including the .value extension)
    • JSON attribute in OneLogin (lines 18-24): {"manager":{"value":"{$parameters.external_manager_id}"}}
    • JSON schema in OneLogin (line 4): urn:ietf:params:scim:schemas:extension:enterprise:2.0:User

     1  {
     2    "schemas": [
     3      "urn:scim:schemas:core:2.0",
     4      "urn:scim:schemas:extension:enterprise:2.0"
     5    ],
     6    "externalId": "{$user.id}",
     7    "name": {
     8      "familyName": "{$user.lastname}",
     9      "givenName": "{$user.firstname}"
    10    },
    11    "emails": [
    12      {
    13        "value": "{$user.email}",
    14        "type": "work",
    15        "primary": true
    16      }
    17    ],
    18    "urn:scim:schemas:extension:enterprise:2.0": {
    19      "manager": {
    20        "value": "{$parameters.external_manager_id}"
    21      }
    22    }
    23  }

The external_manager_id field in the OneLogin user profile must match the Staffbase identifier or Staffbase user ID (not the username) of the corresponding manager user profile. The Staffbase identifier for the OneLogin SSO/SAML/SCIM implementation is typically the OneLogin User ID.

If you are adding the mapping for a custom profile field, you need to create the custom attribute and paste it into the Qualified SCIM name field for the custom field in the Staffbase Studio.
The schema will look like this: urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value.
Be sure to add .value at the end; it is not part of the target attribute schema.

  3. Click Save to save the custom attribute you added.

You have configured the mapping to provision the user reference input type as a profile field. With the next provisioning, the custom field is updated in Staffbase.
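
The Python check below is an added example, not part of the original article and not Staffbase or OneLogin code. It inspects a rendered provisioning payload and reports when the manager reference is missing, still holds a template macro, or is not one of the known user IDs (for example, a username); the function name, the sample IDs and the set of known IDs are assumptions.

```python
import json
import re

# Both enterprise-extension URNs that appear in this article.
ENTERPRISE_URNS = (
    "urn:scim:schemas:extension:enterprise:2.0",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User",
)
# Assumption: an unresolved template macro would show up literally, e.g. {$user.id}.
PLACEHOLDER = re.compile(r"\{\$[\w.]+\}")


def check_manager_mapping(payload, known_ids):
    """Return a list of problems with the manager reference in a rendered payload."""
    problems = []
    urn = next((u for u in ENTERPRISE_URNS if u in payload), None)
    if urn is None or not isinstance(payload[urn], dict):
        return ["enterprise extension block is missing"]
    if urn not in payload.get("schemas", []):
        problems.append("extension block is not declared in 'schemas'")
    manager = payload[urn].get("manager")
    value = manager.get("value") if isinstance(manager, dict) else None
    if not isinstance(value, str) or not value.strip():
        problems.append("manager.value is missing or empty")
    elif PLACEHOLDER.search(value):
        problems.append("manager.value still contains an unrendered macro")
    elif value not in known_ids:
        problems.append(f"manager.value {value!r} is not a known user ID")
    return problems


# Constructed sample data: the IDs and payloads are made up for illustration.
KNOWN_IDS = {"48213377", "48213390"}
GOOD = json.loads("""{
  "schemas": ["urn:scim:schemas:core:2.0",
              "urn:scim:schemas:extension:enterprise:2.0"],
  "externalId": "48213390",
  "urn:scim:schemas:extension:enterprise:2.0": {"manager": {"value": "48213377"}}
}""")
USERNAME = json.loads(json.dumps(GOOD).replace("48213377", "jane.doe"))
UNRENDERED = json.loads(
    json.dumps(GOOD).replace("48213377", "{$parameters.external_manager_id}"))

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("username", USERNAME), ("unrendered", UNRENDERED)]:
        print(name, check_manager_mapping(doc, KNOWN_IDS))
```

Run it against a payload captured from a test provisioning before enabling the mapping for all users, with known_ids filled from an export of existing user IDs.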