SSO & provisioning with OneLogin

Give your team easy access to Slab with our OneLogin integration


Slab supports SSO with OneLogin via SAML 2.0, as well as user and group provisioning with SCIM, allowing your team to access Slab securely.


Supported features

Our OneLogin integration supports the following features:

SAML 2.0

  • SP-initiated SSO

  • IdP-initiated SSO

  • JIT (just in time) provisioning

SCIM Provisioning

  • Create Users

  • Update Users

  • Deactivate Users

  • Group Push


Requirements

You must have a OneLogin account and be on the Business or Enterprise plan for Slab.


Configuration steps



Step 1: Add Slab app to OneLogin

1. Log in to OneLogin and from the homepage, click Administration.

2. Hover over Applications and click Applications from the dropdown menu.

3. Click Add app in the top-right corner.

4. Search for Slab and click the version listed as SAML 2.0, Provisioning.

5. Click Save in the top-right corner to add Slab. The app will now be added to your OneLogin team but it is still not ready for use.

6. Open the Slab app (if not already open) and in the top-right corner, click More Actions and select SAML Metadata to download the IdP Metadata XML file. Open this file using any text editor, and copy its contents.


Step 2: Enable Integration in Slab

  1. Click your team name in the top-left corner of the sidebar.

  2. Click Team settings in the dropdown menu.

  3. Click Integrations in the left sidebar.

  4. Find OneLogin and click Enable.

  5. In the modal, paste in the contents of the IdP Metadata file you previously downloaded.

  6. Click Enable Integration.

  7. The page will refresh, and you'll see a new modal with two tabs: Authentication and Provisioning.

  8. Make a note of your Org ID in the Authentication Tab. We will use this to configure the Slab app in OneLogin.

  9. (Optional) If you want to enable provisioning with SCIM, check the Enable SCIM Provisioning checkbox under the Provisioning Tab, and also copy/note your SCIM API Token before saving the integration settings.

✏️ Note: SCIM Provisioning is optional but highly recommended.


Step 3: Configure the app

1. Back in OneLogin, open the Slab App.

2. Under the Configuration section, paste your Org ID under Application Details.

3. (Optional) If you want to enable SCIM provisioning, paste in your SCIM Token as well and click the Enable button under API Connection.

4. (Optional) Also for SCIM, under the Provisioning section, check the Enable Provisioning checkbox.

7. Click Save to update the Slab app settings.


Step 4: Map OneLogin Roles to Slab Groups

⚠️ Be aware:

  1. This step is optional and only needs to be performed if you have configured User Roles in OneLogin and want to map them directly to Groups in Slab for easy topic access management.

  2. Slab Groups are more similar to OneLogin Roles, whereas OneLogin Groups are a different concept that does not map to any SCIM entity.

1. Ensure that you have followed all the optional steps for SCIM provisioning earlier.

2. Create or find the role(s) you want to map to a Group in Slab, and note down their name exactly.

3. Under the Parameters section, click on the Groups field.

4. In the new modal, check the Include in User Provisioning checkbox and click Save to close the modal.

5. Under the Rules section, click on the Add Rule button.

6. In the new modal, name it Group Mapping for [ROLE_NAME].

7. Under Actions, select Set Groups in Slab. In the second dropdown, select role, and in the text input, enter the name of the role exactly. If you want to map any or all roles assigned to the app, you can instead enter .* in the field.

8. Click the Save button in the modal to close it.

9. Repeat these steps for each Role you want to map to a Slab Group, adding a new rule/mapping for each.

10. Click the Save button in the top-right corner to save the app settings.


Step 5: Enable User Types

✏️ Note: This step is optional, but allows you to set the Slab user type from OneLogin (e.g. you can configure if provisioned users should be admins, guests, or just regular users in Slab).

1. Under the Parameters section, click on the userType field.

2. In the new modal, check both of the following checkboxes:

  • Include in User Provisioning

  • Skip if value is blank

3. You may optionally set a default value, but this is unnecessary for regular users. Click Save to close the modal.

4. Under the Rules section, click on the Add Rule button.

5. Similar to the previous section, we will define rules to determine when a user should be an Admin or a Guest in Slab. The simplest way to do so is to match against user emails, but it's also possible to add conditions that check if a user is assigned to certain roles or groups, or has some text in their title, etc. In this guide, we'll use email as an example.

6. Under Conditions in the modal, add a new condition. Select Email from the first dropdown, and set it Equals to the email of a user.

7. Under Actions, select Set userType (...) in Slab in the dropdown. In the second dropdown, select Macro. In the new text input that appears next to it, you can put one of the following values as-is:

  • admin for making the user an Admin in Slab

  • guest for making the user a Guest in Slab

⚠️ Be aware: The userType value must be exactly one of the above. Otherwise, the provisioning will fail with errors.

8. Click the Save button in the modal to close it.

9. Repeat these steps for each rule you want to define for configuring user type in Slab.

10. Click the Save button in the top-right corner to save the app settings.
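
To review the Step 4 and Step 5 rules before saving them, the Python sketch below dry-runs role-to-group patterns and userType rules over a few constructed users. It is an added example, not Slab or OneLogin code; the whole-name regex match, the exact email comparison and the first-match-wins rule order are assumptions, not documented OneLogin behaviour.

```python
import re

# The only values the page lists for the userType macro.
ALLOWED_USER_TYPES = {"admin", "guest"}

def validate_user_type_rules(rules):
    """Return the rules whose macro value would make provisioning fail."""
    return [r for r in rules if r["user_type"] not in ALLOWED_USER_TYPES]

def resolve_user(user, group_patterns, user_type_rules):
    """Dry-run the Step 4 and Step 5 rules for one user record."""
    # Step 4: a role becomes a Slab group if any rule pattern matches it.
    # Assumption: the pattern has to match the whole role name.
    groups = sorted(role for role in user["roles"]
                    if any(re.fullmatch(p, role) for p in group_patterns))
    # Step 5: the first rule whose Email condition equals the user's email
    # sets userType (assumption: exact comparison, first match wins).
    user_type = next((r["user_type"] for r in user_type_rules
                      if r["email"] == user["email"]), "")
    result = {"email": user["email"], "groups": groups}
    # "Skip if value is blank": leave userType out, so the user stays regular.
    if user_type:
        result["userType"] = user_type
    return result

def admins(users, group_patterns, user_type_rules):
    """Emails that would be provisioned as Slab admins, for review."""
    resolved = (resolve_user(u, group_patterns, user_type_rules) for u in users)
    return [r["email"] for r in resolved if r.get("userType") == "admin"]

# Constructed sample data (hypothetical accounts and role names).
USERS = [
    {"email": "ana@example.com", "roles": ["Engineering", "Slab Editors"]},
    {"email": "raj@example.com", "roles": ["Contractors"]},
    {"email": "kim@example.com", "roles": ["Engineering"]},
]
USER_TYPE_RULES = [
    {"email": "ana@example.com", "user_type": "admin"},
    {"email": "raj@example.com", "user_type": "guest"},
    {"email": "kim@example.com", "user_type": "Admin"},  # wrong case, not allowed
]

if __name__ == "__main__":
    print("rules that would fail:", validate_user_type_rules(USER_TYPE_RULES))
    for u in USERS:
        print("exact rule:", resolve_user(u, ["Engineering"], USER_TYPE_RULES))
        print("catch-all :", resolve_user(u, [".*"], USER_TYPE_RULES))
    print("admins:", admins(USERS, [".*"], USER_TYPE_RULES))
```

The catch-all run shows that .* pushes every role the user holds, including ones never meant to grant topic access in Slab, and the admin list is the part worth a second reviewer before approval.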


Step 6: Provision Users and Groups (Roles)

Now that your Slab app is correctly configured, it's time to assign users (or roles) to it.

  • For individual users, go to the User profile and under Applications, assign the Slab app to the user.

  • For roles, go to the Role page, and under Applications, assign the Slab app to the role.

Back in the Slab app in OneLogin, under the Users section, you'll see users (directly assigned or members of the assigned roles) marked as Pending. Click each user and click Approve.


Troubleshooting

Missing Features

If you're missing features from your Slab integration in OneLogin (SCIM Provisioning for example), there could be a few reasons:

  1. You might be on an older version. You can reinstall the integration by following the steps above, and then remove the old Slab app from your OneLogin applications.

  2. You will need the Advanced Directory add-on to use provisioning in OneLogin. More info here.

Other Issues

Having issues setting up the integration? Contact support@slab.com for help.
