BrowserStack user provisioning with OneLogin

Connect your OneLogin IdP with BrowserStack

Introduction

OneLogin’s integration with BrowserStack enables end-users to enable Single Sign-on and Auto User Provisioning for their BrowserStack account. This document describes how to configure auto User Provisioning when OneLogin is your identity provider.

Prerequisites

  • You need to have an Enterprise plan with BrowserStack.
  • To access the configuration/set-up on BrowserStack, you need to be the Owner for your BrowserStack Group.
  • You need to have administrator access to your organization’s OneLogin instance.
  • Your OneLogin SSO needs to be enabled before User Provisioning. Follow the instructions given here to set up SSO with OneLogin.

Supported features

The OneLogin & BrowserStack User Provisioning integration is configurable on BrowserStack, currently supports the following features:

  • User provisioning & de-provisioning
  • User’s Browserstack role assignment
  • User’s Browserstack product access
  • User’s Browserstack team membership
  • Group assignment via OneLogin’s application assignment to “OneLogin roles”

Configuring for user provisioning

  1. Log-in to BrowserStack as Owner.

  2. Go to Account -> Settings & Permissions. Select the Security tab.

  3. Under Auto User Provisioning, select Configure. Under auto user provisioning, select configure

  4. Select the user attributes that you want to control via IDP Auto User Provisioning - One Login User Attributes

  5. Copy the Access Key only, it will be used on OneLogin for authentication Credentials for integration with your IDP

  6. If you set up SSO before setting up User Provisioning, you already have the BrowserStack app added on OneLogin, skip this step. Otherwise
    • Go to Applications
    • Click Add App, and find the BrowserStack app under Add Application on OneLogin
    • Add it to your OneLogin tenant, give it an identifiable name under “Display Name” and clicking Save Click Add App in Applications and find Browserstack App under Add Aplication on OneLogin. Add it to your OneLogin tenant and give and identifiable name under Display Name
  7. Head to BrowserStack App on OneLogin, and go to the Configuration tab.
    • You should have SSO configured via this tab already, if not, use this link to set it up. configuration
  8. Add the Access Key from BrowserStack in the SCIM Bearer Token field on OneLogin.
    • Click Enable, OneLogin will give a green Enabled text confirmation Green tick is displayed on clicking enable
  9. Head to Provisioning, to start pushing users to Browserstack
    • Make sure that the following are selected:
      • Create user
      • Delete user
      • Update user
    • Select Delete as the action for when users are deleted on OneLogin.
    • Select Do Nothing as the action for when users are suspended on OneLogin. (Suspension is not supported on Browserstack.) Head to provisioning, to start pushing users to browserstack
  10. Go to Parameters, and click on SCIM username under Required Parameters. Set the value to Email.

  11. Save the current state. We will enable Provisioning on Browserstack before coming back and enabling it on OneLogin. You can enable it via the provisioning tab at this step, but the users will not be pushed into Browserstack till we enable it on Browserstack.

  12. On Browserstack, enable Auto User Provisioning once you have set it up on OneLogin, otherwise, you will be locked out of inviting new users via BrowserStack UI. Account Settings Page after OneLogin setup

Managing users via OneLogin application

Note: We would suggest that as a first step, please put all the users you currently have on the BrowserStack account into the OneLogin app via the assignment tab. This would avoid any discrepancies between the user lists on OneLogin and Browserstack.

Managing users on OneLogin and BrowserStack

Depending on the configuration that you select while setting up Auto User Provisioning on BrowserStack. You will need to create the appropriate Custom User Fields and assign in the Parameters tab. Set up Auto User Provisioning on BrowserStack

Ensure that you check the box next to Include in User Provisioning.

Provisioning & Deprovisioning users

  1. By assigning the app to the user, the user will get provisioned on the BrowserStack platform.
  2. You can remove a user and his/her access by removing the user from the app.
Note:
  1. You cannot delete the current Owner from OneLogin. Assign Owner role to another user, before deleting the current Owner.
  2. Updating the owner will log out the current owner as well as the old owner from their current session for security reasons.

Role assignment

  1. Attribute Name: primary_role
  2. External Name: bstack_role
  3. Default assignment as User, in case of
    • Unexpected, empty or no value
    • Attribute controlled by BrowserStack UI
  4. Expected values when attribute controlled by OneLogin:
Attribute Value Role Update
User User will be assigned
Admin Admin will be assigned
Owner Owner will be assigned The current owner will be replaced with the new owner. The current owner will become a user.
No Value
Empty or Any other value
The user is created as User by default.

Team assignment

  1. Attribute Name: primary_team
  2. External Name: bstack_team
  3. Default assignment as Group User, in case of
    • Empty or no value
    • Attribute controlled by BrowserStack UI
  4. Expected values when attribute controlled by OneLogin:
Attribute Value Team Update
team_name The user gets added to the existing team if a team exists with the same name. Otherwise, a new team will be created with the passed attribute value.
No value/Empty The user is assigned as part of Group

Product assignment

  1. Attribute Name: primary_product
  2. External Name: bstack_product
  3. Default assignment no product access, in case of
    • Unexpected, empty or no value
    • Attribute controlled by BrowserStack UI
  4. Expected values when attribute controlled by OneLogin:
Attribute Value Product Update
Browser-Testing Live
Automate
Visual-Testing Percy
Automate-Testing Automate
Live-Testing Live
Mobile-App-Testing App Live
App Automate
App-Automate-Testing App Automate
App-Live-Testing App Live
Note: Multiple values can be passed for product access in a comma-separated string. Example: Browser-Testing,Visual-Testing

Troubleshooting

Below is a list of possible errors that might be encountered and how to resolve them:

User already present on BrowserStack

Resolution: User already presents on BrowserStack under a different organization, please get the account deleted before provisioning the user.

User already present on Browserstack

Invalid parameter/attribute values passed for Role or Product

Resolution: Role/Product is not a valid use-case, please use the attribute values provided above.

User could not be updated error

Owner deletion

Note: Owner cannot be directly deleted via OneLogin. Please assign the owner role to another user via Browserstack UI, and then delete the old owner.

Incompatible attributes

Resolution: You are assigning incompatible user attributes, for example Owner cannot have a team assigned.

Troubleshooting Incomplete attributes in BrowserStack SSO

Licenses not available

Resolution: You have used up all your licenses for the product, please unassign users or add more licenses. Contact your Account Executive to get information on adding licenses.

Note: When a user is deactivated on OneLogin, the said user will be deleted from your BrowserStack account. Whenever the user is activated, a new user will be created on BrowserStack. This would lead to a new id being created.

Escalation/Support

Please connect with support@browserstack.com for any escalations or support.

We're sorry to hear that. Please share your feedback so we can do better







Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked






Thank you for your valuable feedback

Is this page helping you?

Yes
No

We're sorry to hear that. Please share your feedback so we can do better







Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked






Thank you for your valuable feedback!

Talk to an Expert
Talk to an Expert