Browserstack Documentation Documentation
Documentation home icon Separator

    BrowserStack user provisioning with OneLogin

    Connect your OneLogin IdP with BrowserStack

    Introduction

    OneLogin’s integration with BrowserStack enables end-users to enable Single Sign-on and Auto User Provisioning for their BrowserStack account. This document describes how to configure auto User Provisioning when OneLogin is your identity provider.

    Prerequisites

    • Enterprise plan on BrowserStack.
    • You need to have administrator access to your organization’s OneLogin instance.
    • Your OneLogin SSO needs to be enabled before User Provisioning. Follow the instructions given here to set up SSO with OneLogin.
    • User with Owner permissions can setup user provisioning on BrowserStack.
    Note: Owner can also allow user provisioning setup access to one of the Admin(s). Learn more

    Supported features

    The OneLogin & BrowserStack User Provisioning integration is configurable on BrowserStack, currently supports the following features:

    • User provisioning & de-provisioning
    • Attribute assignment for users on BrowserStack:
      • Role assignment
      • Product access
      • Team assignment
    • Group assignment via OneLogin’s application assignment to “OneLogin roles”

    Configuring for user provisioning

    1. Log-in to BrowserStack as Owner.

    2. Go to Account > Security and select Authentication from the side-nav menu.

    3. Under Auto User Provisioning, select Configure. Under auto user provisioning, select configure

    4. Select the user attributes that you want to control via IDP Auto User Provisioning - One Login User Attributes

    5. Copy the Access Key only, it will be used on OneLogin for authentication Credentials for integration with your IDP

    6. If you set up SSO before setting up User Provisioning, you already have the BrowserStack app added on OneLogin, skip this step. Otherwise
      • Go to Applications
      • Click Add App, and find the BrowserStack app under Add Application on OneLogin
      • Add it to your OneLogin tenant, give it an identifiable name under “Display Name” and clicking Save Click Add App in Applications and find Browserstack App under Add Aplication on OneLogin. Add it to your OneLogin tenant and give and identifiable name under Display Name
    7. Head to BrowserStack App on OneLogin, and go to the Configuration tab.
      • You should have SSO configured via this tab already, if not, use this link to set it up. configuration
    8. Add the Access Key from BrowserStack in the SCIM Bearer Token field on OneLogin.
      • Click Enable, OneLogin will give a green Enabled text confirmation Green tick is displayed on clicking enable
    9. Head to Provisioning, to start pushing users to Browserstack
      • Make sure that the following are selected:
        • Create user
        • Delete user
        • Update user
      • Select Delete as the action for when users are deleted on OneLogin.
      • Select Do Nothing as the action for when users are suspended on OneLogin. (Suspension is not supported on Browserstack.) Head to provisioning, to start pushing users to browserstack

    10. Go to Parameters, and click on SCIM username under Required Parameters. Set the value to Email.

    11. Save the current state. We will enable Provisioning on Browserstack before coming back and enabling it on OneLogin. You can enable it via the provisioning tab at this step, but the users will not be pushed into Browserstack till we enable it on Browserstack.

    12. On Browserstack, enable Auto User Provisioning once you have set it up on OneLogin, otherwise, you will be locked out of inviting new users via BrowserStack UI. Account Settings Page after OneLogin setup

    Managing users via OneLogin application

    Note: We would suggest that as a first step, please put all the users you currently have on the BrowserStack account into the OneLogin app via the assignment tab. This would avoid any discrepancies between the user lists on OneLogin and Browserstack.

    Managing users on OneLogin and BrowserStack

    Depending on the configuration that you select while setting up Auto User Provisioning on BrowserStack. You will need to create the appropriate Custom User Fields and assign in the Parameters tab. Set up Auto User Provisioning on BrowserStack

    Ensure that you check the box next to Include in User Provisioning.

    Provisioning & Deprovisioning users

    1. By assigning the app to the user, the user will get provisioned on the BrowserStack platform.
    2. You can remove a user and his/her access by removing the user from the app.
    Note:
    1. You cannot delete the current Owner from OneLogin. Assign Owner role to another user, before deleting the current Owner.
    2. Updating the owner will log out the current owner as well as the old owner from their current session for security reasons.

    Role assignment

    1. Attribute Name: primary_role
    2. External Name: bstack_role
    3. Default assignment as User, in case of
      • Unexpected, empty or no value
      • Attribute controlled by BrowserStack UI
    4. Expected values when attribute controlled by OneLogin:
    Attribute Value Role Update
    User User will be assigned
    Admin Admin will be assigned
    Owner Owner will be assigned The current owner will be replaced with the new owner. The current owner will become a user.
    No Value
    Empty or Any other value    		 The user is created as User by default.

    Team assignment

    1. Attribute Name: primary_team
    2. External Name: bstack_team
    3. Default assignment as Group User, in case of
      • Empty or no value
      • Attribute controlled by BrowserStack UI
    4. Expected values when attribute controlled by OneLogin:
    Attribute Value Team Update
    team_name The user gets added to the existing team if a team exists with the same name. Otherwise, a new team will be created with the passed attribute value.
    No value/Empty The user is assigned as part of Group

    Product assignment

    1. Attribute Name: primary_product
    2. External Name: bstack_product
    3. Default assignment no product access, in case of
      • Unexpected, empty or no value
      • Attribute controlled by BrowserStack UI
    4. Expected values when attribute controlled by OneLogin:
    Attribute Value Product Update
    Browser-Testing Live
    Automate
    Visual-Testing Percy
    Automate-Testing Automate
    Live-Testing Live
    Mobile-App-Testing App Live
    App Automate
    App-Automate-Testing App Automate
    App-Live-Testing App Live
    App-Percy App-Percy
    Accessibility-Testing Accesssibility Testing
    Test-Management Test Management
    Test-Observability Test Observability
    Note: Multiple values can be passed for product access in a comma-separated string. Example: Browser-Testing,Visual-Testing

    Troubleshooting

    Below is a list of possible errors that might be encountered and how to resolve them:

    User already present on BrowserStack

    Resolution: User already presents on BrowserStack under a different organization, please get the account deleted before provisioning the user.

    User already present on Browserstack

    Invalid parameter/attribute values passed for Role or Product

    Resolution: Role/Product is not a valid use-case, please use the attribute values provided above.

    User could not be updated error

    Owner deletion

    Note: Owner cannot be directly deleted via OneLogin. Please assign the owner role to another user via Browserstack UI, and then delete the old owner.

    Incompatible attributes

    Resolution: You are assigning incompatible user attributes, for example Owner cannot have a team assigned.

    Troubleshooting Incomplete attributes in BrowserStack SSO

    Licenses not available

    Resolution: You have used up all your licenses for the product, please unassign users or add more licenses. Contact your Account Executive to get information on adding licenses.

    Note: When a user is deactivated on OneLogin, the said user will be deleted from your BrowserStack account. Whenever the user is activated, a new user will be created on BrowserStack. This would lead to a new id being created.

    Escalation/Support

    Please connect with support@browserstack.com for any escalations or support.

    We're sorry to hear that. Please share your feedback so we can do better

    Contact our Support team for immediate help while we work on improving our docs.

    We're continuously improving our docs. We'd love to know what you liked






    Thank you for your valuable feedback

    • ON THIS PAGE

      Is this page helping you?

      Yes
      No

      We're sorry to hear that. Please share your feedback so we can do better

      Contact our Support team for immediate help while we work on improving our docs.

      We're continuously improving our docs. We'd love to know what you liked






      Thank you for your valuable feedback!

      By clicking 'Accept All', you agree to the use of all types of cookies to enhance site navigation. For more information, please visit our Cookie Policy.

      Accept All Reject All

      Talk to an Expert
      Download Copy