Wrike admins on Enterprise accounts can set up automatic user provisioning and deprovisioning for Wrike with OneLogin using SCIM protocol.
⏱ 3 min read
Set up Wrike with the System for Cross Identity Management (SCIM) standard to automatically provision or deprovision users based on their status in OneLogin.
Set Up Wrike with SCIM to Use:
- Automatic provisioning - OneLogin users are automatically provisioned for Wrike.
- Synced User Attributes - User attributes are automatically updated in Wrike when they are updated in OneLogin. View synced attributes.
- Automatic deactivation - Wrike users are automatically deactivated in Wrike when they are deactivated in OneLogin.
This page is about integrating Wrike with OneLogin SCIM, we have a separate page on how to set up SSO with OneLogin.
- Members added through SCIM are billable as soon as they're provisioned.
You must be an admin on a Wrike Enterprise account with the permission "Configure advanced security settings" as well as a OneLogin admin to set up Wrike with OneLogin SCIM. We recommend setting up SSO with SAML before proceeding.
Step 1: Add Approved Domains
Check out help page for how to add approved domains. Only users from approved domains will be automatically provisioned to Wrike.
Step 2: Find and Note the SCIM URL
- Open your Wrike Workspace.
- Click your profile picture in the view’s upper right-hand corner.
- Select Apps & Integrations.
- Click “Configure” next to OneLogin.
- Go to the SCIM tab.
- Copy the URL (displayed at the bottom of the pop-up) and save it somewhere. You’ll be using it in a few steps.
- Close the OneLogin pop-up (but stay in Wrike) and proceed to step 3.
Step 3: Obtain the OAUTH Token
- Click API from the left-hand side of the Apps & Integrations page.
- Enter a name in the “App name” field (we suggest OneLogin SCIM).
- Click “Create new”.
- Add an app description (optional).
- Scroll to the bottom of the page and click “Obtain token”.
- Copy the token and save it somewhere, you’ll need to enter this information in OneLogin.
Important! You’re only shown your token once, so make sure you save it somewhere.
Step 4: Finalize the Setup from OneLogin
- Sign in to your OneLogin domain at <yourorganization>.onelogin.com.
- Click Administration.
- Click Apps and select Company apps.
- Find and select “Wrike”.
- Switch to the "Configuration" tab.
- Add information
- In the SCIM Base URL field - add the url obtained in Step 2.
- In the SCIM Bearer Token field - add the token obtained in Step 3.
- Click “Enable” next to API status.
- Select the "Provisioning" tab.
- Select "Enable provisioning for SCIM Provisioner with SAML (SCIM v2)”.
- (optional) Specify if approvals are required and what should happen in case a user is deleted from OneLogin.
- Click Save.
- Ensure that any user/group who should be is assigned for Wrike.
The following attributes are synced from OneLogin to Wrike:
- Given name
- Family name
- Primary email
- Job Title
- Primary phone number
- Organization name
*This is a custom attribute, specifying the type of user in Wrike. Supported values: "Regular", "External" and "Collaborator". By default, Regular Users are created.
If certain user attributes (e.g. phone number, department, or secondary emails) are filled in in Wrike but missing in OneLogin, the information remains in Wrike even after user provisioning.
If a user does not get provisioned or deprovisioned,
- Check the System Log in the OneLogin administration portal to see if a SCIM provisioning attempt is listed there.
- If there is no provisioning attempt listed, make sure that users are properly assigned to Wrike’s application in OneLogin.
- If an error is listed, please contact our Support Team and provide error details.