With a subscription to Holaspirit Enterprise Plan, you can sync Holaspirit directly with your identity provider to enable automated provisioning and de-provisioning of your users and groups.

SCIM User Provisioning is included with Holaspirit Enterprise plan.

About User Provisioning

Automated user provisioning allows for a direct sync between your identity provider and your Holaspirit organization. You no longer need to manually create user accounts when someone joins the company or moves to a new team.

Automated de-provisioning reduces the risk of information breaches by removing access for those that leave your company. We automatically remove people when they leave the company or a group.

Configuration

SCIM User Provisioning is available on Holaspirit.

It works well with SAML. But they can also be used separately.

If you’d like to provision users with SCIM, you must complete these two steps:

  1. Request the SCIM token to [email protected]

  2. Configure SCIM in your IdP with the information:

    1. SCIM URL (or Tenant URL): https://app.holaspirit.com/api/scim/2.0

    2. Secret Token (Bearer): Provided in step 1

Note: If no licence is available in the subscription, the user account will be created as inactive. Admin can change the user's privilege later on.

Limitations

  • Soft-deleted is not implemented: Use hard delete or suspend

  • Groups are not implemented: Send only Users

Troubleshooting

If you experience this error:

{"schemas":["urn:ietf:params:scim:api:messages:2.0:Error"],"status":400,"detail":"{'emails': ['This field is required.']}"}

You should change the mapping of the User as below.

emails[type eq "work"].value needs to be mapped to userPrincipalName that is, if userPrincipalName is where the email is.

Did this answer your question?