Splashtop supports user provisioning from OneLogin via SCIM. Follow the steps below to set it up.
Configuration Steps
Step 1: Manually add a SCIM app for Splashtop
- Log in to the OneLogin console using your OneLogin domain and account.
- Click Administration to go to your admin console.
- Go to Applications / Applications and click the Add app button.
- Search for SCIM Provisioner with SAML (SCIM v2 Enterprise, full SAML). You can rename the app later.
Step 2: Configure the app
- Go to Configuration and add the SAML settings below:
  - SAML Audience URL: https://my.splashtop.eu
  - Recipient: https://my.splashtop.eu/sso/saml2/onelogin/acs
  - ACS (consumer) URL Validator: https://my.splashtop.eu/sso/saml2/onelogin/acs
  - ACS (consumer) URL: https://my.splashtop.eu/sso/saml2/onelogin/acs
  - Login URL: https://my.splashtop.eu/login/sso
- Stay in Configuration, enable the API, and add the SCIM Base URL:
  - SCIM Base URL: https://my.splashtop.eu/scim/v1
- Edit the SCIM JSON Template to add the following entry:
  "ssoName":"{$parameters.ssoName}"
- Go to Parameters and click on scimusername to change the field to Email.
- Still on the same page, add a custom field ssoName with a value set to MACRO. Enter the SSO name set via Splashtop under MACRO. Make sure the "Include in User Provisioning" box is checked.
- Go to SSO, change the SAML Signature Algorithm to SHA-256, then click Save.
- Go to my.splashtop.com / Account info / Team tab and click Apply for new SSO method. Select OneLogin as the IDP Type.
- Fill in the fields with the corresponding information from the app created above.
- For the X.509 certificate, click View Details, click the copy icon to copy the X.509 info, then paste it into the field on my.splashtop.com.
- Go to Provisioning and enable provisioning.
- On the same page, click Refresh to make sure all changes are applied.
Step 3: Add user / push groups
Add users
- Go to Users and, on the user page, add the app you just created.
- When provisioning the user, make sure the ssoName field is filled in with the SSO name you set on Splashtop. Click Save.
- Now, click on Pending and approve the provision.
Push groups
- Go to the app you created and click Parameters. Click on groups and include user provisioning. Save.
- Go to Users, Roles and click New Role. Roles are used as groups on the Splashtop side. Give the role a name that will be the group's name within Splashtop.
- Go to the role you created and click users. Enter the user you want to provision in this group (you can select multiple users), click check and add to this role.
- Go back to the app you created and click Rule and add a rule.
- Name the rule and select map from OneLogin. Make sure it is set to "For each ROLE with value that matches", then enter the exact same name as the role you created previously. Save.
- You now only need to approve the provisioning in the Provisioning tab, and the groups will be pushed to Splashtop.
Issues and troubleshooting
- When provisioning, you may see the following error:
Please check:
- In Parameters -> SCIM JSON Template -> the correct ssoName entry is as follows:
  "ssoName":"{$parameters.ssoName}"
- In the user provisioning window, make sure the scimusername and ssoName fields are correctly entered.
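
The checks from Step 2 and the troubleshooting list can be run against a copy of the settings before saving them. The script below is an added example, not Splashtop or OneLogin code; the function name, dictionary keys and the template's userName line are constructed for illustration, and the ACS validator is treated as a regular expression (an assumption).

```python
import json
import re
from urllib.parse import urlsplit

# URLs and the ssoName entry are the values given in Step 2.
# The dictionary keys and the template's userName line are constructed.
SETTINGS = {
    "audience": "https://my.splashtop.eu",
    "recipient": "https://my.splashtop.eu/sso/saml2/onelogin/acs",
    "acs_validator": "https://my.splashtop.eu/sso/saml2/onelogin/acs",
    "acs_url": "https://my.splashtop.eu/sso/saml2/onelogin/acs",
    "login_url": "https://my.splashtop.eu/login/sso",
    "scim_base": "https://my.splashtop.eu/scim/v1",
    "signature_algorithm": "SHA-256",
}
TEMPLATE = '''{
  "userName": "{$parameters.scimusername}",
  "ssoName":"{$parameters.ssoName}"
}'''

def check_settings(settings, template):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    urls = {k: v for k, v in settings.items() if k != "signature_algorithm"}
    for key, url in urls.items():
        if urlsplit(url).scheme != "https":
            problems.append(f"{key} is not an HTTPS URL")
    hosts = {urlsplit(u).hostname or "" for u in urls.values()}
    if len(hosts) != 1:
        problems.append(f"URLs span several hosts: {sorted(hosts)}")
    if settings["recipient"] != settings["acs_url"]:
        problems.append("Recipient differs from ACS (consumer) URL")
    # Assumption: the validator field is matched as a regular expression.
    if not re.fullmatch(settings["acs_validator"], settings["acs_url"]):
        problems.append("ACS validator does not match ACS (consumer) URL")
    if settings["signature_algorithm"].upper() != "SHA-256":
        problems.append("signature algorithm is not SHA-256")
    try:
        body = json.loads(template)
    except json.JSONDecodeError as exc:
        return problems + [f"SCIM template is not valid JSON: {exc.msg}"]
    if not isinstance(body, dict) or body.get("ssoName") != "{$parameters.ssoName}":
        problems.append('SCIM template lacks "ssoName":"{$parameters.ssoName}"')
    return problems

if __name__ == "__main__":
    print(check_settings(SETTINGS, TEMPLATE) or "settings are consistent")
```

A host mismatch between the SAML URLs and the SCIM Base URL, or a misspelled macro in the template, appears as one entry in the returned list.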