Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Automated User Provisioning with OneLogin

One Identity
07/15/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


Now we operate off the SCIM protocol here, so if your application supports SCIM, you're probably in pretty good hands. What we're able to do here is mess with the different attributes that we're going to push down into those applications. So maybe we're able to take a standard attribute like FirstName and push it into the application as FirstName. Or maybe with something like Username, we need to do a little bit of a transform. So Username equals FirstName.LastName. However, we're still able to take those components and attributes inside of one login and push them into the downstream applications. On top of just attribute assignment, we are also able to do things like entitlements based on what the application supports. So when we look at user provisioning for onboarding, de-provisioning for offboarding, or maybe just an update around someone who has a change of name or change of title, all of these different scenarios, we can work with those applications. When looking at those different types of tasks, we can either allow them to be performed automatically, or check one of these boxes to put an admin approval in front of that option. We can also set default behavior. So if a user is deleted in one login, what do we want to automatically do in that app? And same thing if the user is suspended. All of these different actions allow us to not only make onboarding more efficient, but it helps improve security and costs around offboarding. That way we're not leaving orphaned accounts out there that can be accessed, and we can recoup licenses for an application where a user is no longer accessing it. When it comes to the provisioning component, we can keep things vague, or we can get specific with our rules. So maybe I want everyone to be assigned the same type of license inside of this downstream application. Or maybe, in the example of this rule I have, I want to give someone a different license based on their privilege. So I'm looking at my user's title, and if it equals manager, I'm going to give them a different license than maybe I would give to my typical end user. You can add multiple rules here and have different conditions and outputs. What it looks like in action is here I am creating a new user, and I'm going to give them a certain department which will assign them applications like Office 365 that are configured for provisioning. So as soon as I create this user, I can go over to their application page and see that Office 365 is ready to provision. Now I have an admin approval in front of this task, so I'll open it up and go ahead and approve it. Now that the user has been successfully provisioned, they could access that application and already have a license in front of it. Now just as easily from the offboarding perspective, if I were to suspend or delete this user, we can see that I'll now have a provisioning task to delete this user. I'll go ahead and approve that and recoup my licenses that could have been floating out there and making sure that I don't have an Office 365 account that is just floating without being used.

TL;DR

  • OneLogin automates user provisioning and deprovisioning to downstream applications using SCIM protocol, supporting attribute mapping and transformation for seamless integration.
  • Administrators can configure approval workflows for provisioning tasks and set default behaviors for user deletion and suspension across connected applications.
  • The platform helps improve security by preventing orphaned accounts and reduces costs by automatically recouping licenses when users are offboarded or suspended.

Summary

This demonstration showcases OneLogin's identity lifecycle management capabilities, focusing on automated user provisioning and deprovisioning through SCIM protocol integration. The walkthrough covers attribute mapping and transformation, where standard fields like FirstName can be pushed directly to downstream applications or transformed using formulas such as Username equals FirstName.LastName. The platform supports configurable workflows for onboarding, offboarding, and user updates, with optional admin approval gates for sensitive operations. Default behaviors can be established for user deletion and suspension scenarios, ensuring consistent handling across integrated applications. The demo illustrates practical implementation through a live user creation and deletion cycle with Office 365, demonstrating how provisioning tasks flow through approval workflows and how license reclamation occurs automatically during offboarding to prevent orphaned accounts and reduce unnecessary software costs.

Chapters

0:00 - Identity Lifecycle Management Overview
0:46 - Entitlements and Provisioning Options
1:48 - Rule-Based Provisioning Configuration
2:20 - Live Provisioning Demonstration

Key Quotes

0:09 "Now we operate off the SCIM protocol here, so if your application supports SCIM, you're probably in pretty good hands."
1:30 "All of these different actions allow us to not only make onboarding more efficient, but it helps improve security and costs around offboarding."
1:39 "That way we're not leaving orphaned accounts out there that can be accessed, and we can recoup licenses for an application where a user is no longer accessing it."

FAQ

What protocol does OneLogin use for automated provisioning?

OneLogin uses the SCIM (System for Cross-domain Identity Management) protocol for automated user provisioning and deprovisioning. If your application supports SCIM, it can integrate with OneLogin's identity lifecycle management capabilities.

Can provisioning actions require approval before execution?

Yes, administrators can configure approval workflows for provisioning tasks. You can choose to allow actions like user creation, updates, or deletion to be performed automatically, or require admin approval before the action is executed in the downstream application.


Categories:
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Identity & Access
  • Demo
  • Getting Started
  • Security Operations
  • Identity Lifecycle Management
  • Automated User Provisioning
  • SCIM Protocol
  • User Deprovisioning
  • Attribute Mapping
  • License Management
  • Approval Workflows
  • Orphaned Account Prevention
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Automated User Provisioning with OneLogin

              XStreaminars (watch here)

              • Jul
                28

                Illumio + Netskope: Zero Trust in the Age of AI Autonomy

                07/28/202601:00 PM ET
                • Jul
                  29

                  Ask Your Cloud Anything: Unlocking Governance Silos in your Environments

                  07/29/202601:00 PM ET
                  More events

                  Industry Events (watch there)

                  • Jul
                    22

                    Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                    07/22/202601:00 PM ET
                    • Aug
                      19

                      Becoming Agent Ready: Insights from Cyera's Expertise

                      08/19/202612:00 PM ET
                      More events

                      Upcoming Webinar Calendar

                      • 07/21/2026
                        04:00 AM
                        07/21/2026
                        Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                        https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
                      • 07/22/2026
                        06:30 AM
                        07/22/2026
                        Insights and Strategies for Effective Data Privacy and Protection
                        https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-for-effective-data-privacy-and-protection/
                      • 07/22/2026
                        01:00 PM
                        07/22/2026
                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                        https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
                      • 07/28/2026
                        01:00 PM
                        07/28/2026
                        Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                        https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
                      • 07/29/2026
                        04:00 AM
                        07/29/2026
                        Real-Time Strategies for Safeguarding Against Prompt Injections
                        https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
                      • 07/29/2026
                        01:00 PM
                        07/29/2026
                        Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                        https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
                      • 08/19/2026
                        12:00 PM
                        08/19/2026
                        Becoming Agent Ready: Insights from Cyera's Expertise
                        https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
                      • 09/02/2026
                        12:00 PM
                        09/02/2026
                        Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                        https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
                      • 09/30/2026
                        04:00 AM
                        09/30/2026
                        AI Command Center: Optimizing Visibility and Control in Your Operations
                        https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/
                      Truth in IT
                      • Sponsor
                      • About Us
                      • Terms of Service
                      • Privacy Policy
                      • Contact Us
                      • Preference Management
                      Desktop version
                      Standard version