Holaspirit

With a subscription to Holaspirit Enterprise Plan, you can sync Holaspirit  directly with your identity provider to enable automated provisioning and de-provisioning of your users.

🚀 SCIM User Provisioning is included with Holaspirit <a href="https://help.holaspirit.com/en/articles/6416867-how-does-holaspirit-s-enterprise-plan-work">Enterprise plan</a>.

___________________________________________________________

Automated user provisioning allows for a direct sync between your identity provider and your Holaspirit organization. You no longer need to manually create user accounts when someone joins the company or moves to a new team.

Automated de-provisioning reduces the risk of information breaches by removing access for those that leave your company. We automatically remove people when they leave the company.

SCIM User Provisioning is available on Holaspirit.

It works well with <a href="https://help.holaspirit.com/en/articles/1822898-how-to-configure-saml-authentication">SAML</a>. But they can also be used separately.

If you’d like to provision users with SCIM, you must complete these two steps:

First step: Copy your provisioning key from Administration -&gt; Users -&gt; Provisioning

Second step: Configure SCIM in your IdP with the information: 

SCIM URL (or Tenant URL): <code>https://app.holaspirit.com/api/scim/2.0</code>

Secret Token (Bearer): The provisioning key from the first step

1. SCIM URL (or Tenant URL): <code>https://app.holaspirit.com/api/scim/2.0</code>
2. Secret Token (Bearer): The provisioning key from the first step

Note: If no license is available in the subscription, the user account will be created as <a href="https://help.holaspirit.com/en/articles/1822912-les-differents-comptes-utilisateurs-sur-holaspirit">inactive</a>. Admin can <a href="https://help.holaspirit.com/en/articles/1822912-les-differents-comptes-utilisateurs-sur-holaspirit">change the user's privilege</a> later on.

Soft-deleted is not implemented: Use hard delete or suspend

Groups are not implemented: Send only Users

- Soft-deleted is not implemented: Use hard delete or suspend
- Groups are not implemented: Send only Users
   

In your IdP configuration you will have an "Attribute Mappings" section, that will tell which fields should be sent to Holaspirit.

Here is the list of fields that we will saved on Holaspirit:

addresses[type=work].value (will be saved to "Locations")

privilege (possible values: "<a href="https://help.holaspirit.com/en/articles/1822912-the-different-types-of-members#member">member</a>" or "<a href="https://help.holaspirit.com/en/articles/1822912-the-different-types-of-members#h_df5917cfa3">inactive</a>")

active (only available when updating a member, possible values: "true" or "false") when set to "false" the <a href="https://help.holaspirit.com/en/articles/1822953-how-to-edit-suspend-restore-or-delete-a-member-from-my-organization#h_eb33b6e10b">member will be suspended</a>

- email
- user.firstname
- user.lastname
- language
- timezone
- phones[type=work].value
- addresses[type=work].value (will be saved to "Locations")
- privilege (possible values: "<a href="https://help.holaspirit.com/en/articles/1822912-the-different-types-of-members#member">member</a>" or "<a href="https://help.holaspirit.com/en/articles/1822912-the-different-types-of-members#h_df5917cfa3">inactive</a>")
- active (only available when updating a member, possible values: "true" or "false") when set to "false" the <a href="https://help.holaspirit.com/en/articles/1822953-how-to-edit-suspend-restore-or-delete-a-member-from-my-organization#h_eb33b6e10b">member will be suspended</a>

If other fields are sent, we will ignore them silently.

You should change the mapping of the User as below.

<code>emails[type eq "work"].value</code> needs to be mapped to <code>userPrincipalName</code> that is, if <code>userPrincipalName</code> is where the email is.

About User Provisioning

Configuration

Limitations

Attribute Mappings

Troubleshooting