This guide walks workspace administrators through configuring SCIM provisioning between OneLogin and Fellow, enabling automated user lifecycle management across your organization.
Supported Features
Feature | Description |
Create Users | New users added to OneLogin are automatically provisioned in Fellow. |
Update User Attributes | Profile changes in OneLogin are synced to Fellow for all users assigned to the application. |
Deactivate Users | Deactivating a user in OneLogin prevents them from signing in to Fellow and marks their account as Inactive. |
Reactivate Users | Reactivating a user in OneLogin restores their access to Fellow and marks their account as Active. |
Group Push | OneLogin groups can be synced to Fellow as Teams. |
Requirements
A Fellow account on an Enterprise plan with SCIM enabled
A Fellow workspace administrator account
A OneLogin administrator account (or coordination with your IT team)
Part 1: Enable SCIM in Fellow
Sign in to Fellow using a workspace administrator account.
Navigate to Settings β Account Integrations and select the SCIM card.
Click the Connect button in the top-right corner of the page.
On the configuration form that appears, click Regenerate Token and confirm the action when prompted.
Copy the generated SCIM token and store it securely, you will need it in the next section.
Part 2: Configure SCIM in OneLogin
2.1 Add the SCIM Application
Sign in to your OneLogin account and navigate to Applications at: https://<your_workspace>.onelogin.com/admin2/apps
Click Add App.
In the search field, enter SCIM and select SCIM Provisioner with SAML (SCIM v2 Enterprise).
Enter the basic application details and click Save.
2.2 Configure the Application
On the application detail page, navigate to the Configuration tab.
Set http://fellow.app/scim/v2 as a "SCIM Base URL"
Set the SCIM Base URL to: http://fellow.app/scim/v2
Paste the following into the SCIM JSON Template field:
{
"schemas": [
"urn:scim:schemas:core:2.0",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
],
"userName": "{$parameters.scimusername}",
"name": {
"familyName": "{$user.lastname}",
"givenName": "{$user.firstname}",
"formatted": "{$user.display_name}"
},
"emails": [{
"value": "{$user.email}",
"type": "work",
"primary": true
}],
"title": "{$parameters.title}",
"urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": {
"department": "{$parameters.department}",
"manager": {
"value": "{$parameters.managerEmail}",
"displayName": "{$user.manager_firstname} {$user.manager_lastname}"
}
}
}
4. Paste the SCIM token copied from Fellow into the SCIM Bearer Token field.
5. Click Save, then click Enable on the same page.
2.3 Configure Provisioning Parameters
Navigate to the Parameters tab and click the + button to add a new parameter.
In the Field name field, enter managerEmail.
Check the Include in User Provisioning checkbox and click Save.
In the dialog that follows, set the related field to Manager Email and click Save.
Click on the SCIM Username field and set its value to Email, then click Save.
The resulting Parameters tab should include both managerEmail and SCIM Username mapped as described above.
2.4 (Optional) Configure Group Sync
To sync OneLogin groups to Fellow as Teams, add custom rules via the OneLogin groups sync configuration. Refer to OneLogin's documentation for detailed instructions.
2.5 Enable Provisioning
Navigate to the Provisioning tab.
Check the Enable provisioning checkbox and click Save.
SCIM provisioning is now active. Users assigned to the application in OneLogin will be automatically synced to Fellow.
Troubleshooting & Tips
Ensure the SCIM token is copied accurately with no leading or trailing spaces.
If user sync is not occurring, verify that provisioning is enabled on the Provisioning tab and that users are assigned to the application in OneLogin.
If manager information is not syncing, confirm that the managerEmail parameter is correctly mapped and that manager records exist in OneLogin.
For further assistance, contact the Fellow support team.