SCIM Automated Provisioning
Along with our SSO (Single Sign-On) integration, Moqups also offers automatic provisioning with SCIM (System for Cross-domain Identity Management).
SCIM allows IT departments to automate their user identity management process within an IDP. To set up SCIM you will need to generate an API Token in Moqups, and then add this to your IDP. You’ll find instructions for each of our supported IDPs below.
All Moqups Unlimited accounts can set up SCIM with their IDP.
To set up a SCIM integration, you’ll need Admin privileges for both Moqups and your chosen IDP.
Set up SCIM for OneLogin
To set up SCIM for OneLogin, you will first need to generate an API Token in Moqups, and then configure Automatic Provisioning in OneLogin itself.
- Generate an API Token:
- Go to the Apps and Notifications tab on your Moqups Dashboard’s Account page.
- In the SCIM Provisioning section of your Integration tab, click the Generate token button.
- Copy the API Token to your clipboard. You'll need this to complete the process in OneLogin.
- Configure Automatic Provisioning in OneLogin:
- To configure SCIM provisioning, you'll need your API Token from Moqups.
- Open the Moqups app in OneLogin.
- Go to the Configuration Tab for the Moqups app.
- Under API connection, enter your API Token in the SCIM Token field.
- Click the Enable option.
- Go to the Provisioning tab and check the box next to Enable provisioning.
- Select which provisioning actions you want to require admin approval for. You can choose to enable this for:
- Create user
- Delete user
- Update user
- From the dropdown, select the appropriate action for When users are deleted and for When user accounts are suspended in OneLogin.
Set up SCIM for Okta
This section provides an overview and the steps required to configure SCIM in both Moqups and Okta.
Contents
- Features
- Requirements
- Step-by-Step Configuration Instructions
- Troubleshooting Tips
Features
The following provisioning features are supported by the Moqups integration with Okta:
- Create Users: New users created through Okta will also be created in Moqups.
- Import Users: Users created in Moqups can be imported into Okta, and either matched against existing Okta users or created as new Okta users.
- Update User Attributes: Updates made to the user's profile through Okta will be pushed to Moqups.
- Deactivate Users: When an organization deactivates a user through Okta, that user loses access to the entirety of that organization’s Moqups account, including their dashboard, projects, and teams. However, the user still retains access to their own, personal Moqups account.
- Reactivate Users: User accounts can be reactivated in Moqups.
Currently, Moqups does not support the following Okta provisioning features, but we may in the future:
- Remove users*
- Import /Push Groups
- Sync password
*Removing users (as opposed to deactivating them) is supported by Moqups, but not by Okta.
Requirements
Step-by-Step Configuration Instructions
- Generate an API Token:
- Make sure that you are subscribed to a Moqups Unlimited Plan.
- Go to the Apps and Notifications tab on your Moqups Dashboard’s Account page.
- In the SCIM Provisioning section of your Integration tab, click the Generate token button.
- Copy the API Token to your clipboard. You'll need this to complete the process in Okta.
- Configure Automatic Provisioning in Okta:
- To configure SCIM provisioning, you'll need your API Token from Moqups.
- Open the Moqups app in Okta.
- Select the Sign On tab and click Edit.
- Choose Email for the Application username format.
- Click Save to apply.
- Go to the Provisioning tab in the Moqups app.
- In the Settings panel on the left, select Integration.
- Click Configure API Integration
- Select the Enable API Integration checkbox
- Enter the API Token provided by Moqups
- Click Test API Credentials to ensure it's set up correctly.
- When you get a success message, click Save to apply.
- Select the To App tab in the Settings panel.
- Choose the Provisioning Features that you want to enable.
- Click Save to apply.
Troubleshooting Tips
Microsoft Azure AD SCIM configuration
This section provides an overview and the steps required to configure SCIM in both Moqups and Azure AD.
To set up SCIM for Azure, you will first need to generate an API Token in Moqups, and then configure Automatic Provisioning in Azure itself.
- Generate an API Token
- Go to the Apps and Notifications tab on your Moqups Dashboard’s Account page.
- In the SCIM Provisioning section of your Integration tab, click the Generate token button.
- Copy the API Token to your clipboard. You'll need this to complete the process in Azure.
- Configure Automatic Provisioning in Azure
- To configure SCIM automatic provisioning, you'll need your API Token from Moqups.
- In your Azure Portal go to Enterprise Applications > All Applications
- Select the Moqups app.
- Go to the Manage section and select Provisioning.
- Set the Provisioning Mode to Automatic.
- In the Admin Credentials section:
- Enter this URL in the Tenant URL field: https://api.moqups.com/scim/v2
- Enter the API Token in the Secret Token field.
- Click Test Connection to make sure Azure AD can connect to Moqups.
- Enter the desired email address in the Notification Email field.
- Check the box next to Send an email notification when a failure occurs and click Save to apply.
- In the Mappings section, select Synchronize Azure Active Directory Users to Moqups.
- Click the Save button to apply any changes.
- Under Settings, toggle the Provisioning Status to ‘On’.
- Define which users and/or groups you would like to provision to Moqups. Choose from:
- Sync all users and groups
- Sync only assigned users and groups
- Click Save to apply your provisioning settings.