> ## Documentation Index
> Fetch the complete documentation index at: https://forest-chore-open-api.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# SCIM Integration with OneLogin

> Automate user management by integrating OneLogin's SCIM provisioning with Forest

<Warning>
  Enabling SCIM disables Forest user editing. All user management must be done through OneLogin.
</Warning>

## Supported Features

The OneLogin SCIM integration enables:

* User provisioning from OneLogin to Forest
* Updating user role, permission level, and tags
* Deleting users when removed from the Forest app in OneLogin
* SCIM Groups for team assignment

## Configuration Steps

### 1. Adding the Forest App

Navigate to OneLogin's Application tab, select "Add App," then search for and select "SCIM Provisioner with SAML (SCIM v2 Core)."

### 2. Authentication Setup

Name your app, then enable User provisioning in Forest project settings. This generates a token to paste into OneLogin.

### 3. SCIM Base URL

Add this endpoint: `https://api.forestadmin.com/scim`

### 4. JSON Template Configuration

The SCIM template includes user schemas with custom Forest parameters for permissionLevel, role, tags, and teams.

### 5. Custom Parameters

* **permissionLevel**: Must match existing Forest permission level exactly
* **role**: Must match existing project role exactly
* **teams**: Comma-separated team names (e.g., "Operators,Support")
* **tags**: Key/value pairs separated by semicolons (e.g., "regions:France,Italie;job:developer")

### 6. Mapping Rules

Create rules to automatically provide mandatory parameters (role, permissionLevel) and optional tags.

### 7. Custom User Attributes

Add custom fields in the Users tab under "Custom User Fields" to base mapping rules on.

### 8. SCIM Groups Management

Refresh entitlements to fetch OneLogin roles, then create mapping rules between OneLogin roles and Forest teams.
