Skip to main content
When SCIM (System for Cross-domain Identity Management) is enabled, you can automatically provision Omni accounts for your users and synchronize Omni user groups with groups in Rippling. You can integrate Rippling’s provisioning capability with Omni to create accounts for your users and synchronize Omni groups with attributes in Rippling. All users created via SCIM will be organization Members, organization Admins can only be created or converted from Member level in the UI.

​
Requirements

To follow the steps in this guide, you’ll need:
  • To have Rippling SAML authentication set up. If you don’t, refer to the Rippling SAML authentication setup guide before proceeding.
  • Omni Organization Admin permissions
  • Permissions in Rippling that allow you to modify applications

​
Limitations

Currently, only syncing the displayName user attribute from Rippling to Omni is supported.

​
Setup

Omni users created via SCIM will have Organization Member permissions. Organization Admins must be created in Settings > Users or have their permissions manually upgraded.
1

Create an Omni API key

  1. Follow these steps to create a new API key named Rippling SCIM.
  2. Copy the key somewhere handy - you’ll need it to complete the setup.
2

Configure the Omni Rippling application

  1. In a new browser tab, log into Rippling.
  2. Navigate to the Omni application. Note: If you don’t have SAML set up already, complete the steps in the Omni-Rippling SAML guide before proceeding.
  3. Navigate to the SCIM configuration form and fill in the following:
    • SCIM version - Set to 2.0
    • Leave Does not support One Way Sync disabled
    • SCIM base url - Enter the URL you use to log into Omni, appended with /api/scim/v2. For example, if your Omni login URL is https://blobsrus.omniapp.co, you would enter https://blobsrus.omniapp.co/api/scim/v2.
    • SCIM authorization method - Set to Bearer Token
    • Enable Supports groups
    • Supports Mutually Exclusive Groups - Set to Not Mutually Exclusive Groups
    • Enable Supports pagination and Create & Delete Groups
    • Leave Use PATCH to edit Groups and Generate temporary password disabled
    • Select Use email address as username
    • Supported SCIM attributes - Set to displayName
  4. Click Continue.
3

Install the custom SCIM application

  1. If prompted, select I’m the Omni admin, I’ll install it.
  2. Ensure that Offboarding is enabled.
  3. In the Bearer Token field, paste the Omni API key you created in step 1.
    If Rippling doesn’t prompt you to provide a Bearer token, you may need to re-install the custom app. Follow the Modify App link in the app’s Settings tab to do this.
  4. Configure provisioning rules and match up existing user accounts and groups.