BrowserStack user provisioning with OneLogin

Connect your OneLogin IdP with BrowserStack to manage users

Introduction

OneLogin’s integration with BrowserStack enables end-users to enable Single Sign-on and Auto User Provisioning for their BrowserStack account. This document describes how to configure auto User Provisioning when OneLogin is your identity provider.

Prerequisites

  • You need to have an Enterprise plan with BrowserStack.
  • To access the configuration/set-up on BrowserStack, you need to be the Owner for your BrowserStack Group.
  • You need to have administrator access to your organization’s OneLogin instance.
  • Your OneLogin SSO needs to be enabled before User Provisioning. Follow the instructions given here to set up SSO with OneLogin.

Supported Features

The OneLogin & BrowserStack User Provisioning integration is configurable on BrowserStack, currently supports the following features:

  • User provisioning & de-provisioning
  • User’s Browserstack role assignment
  • User’s Browserstack product access
  • User’s Browserstack team membership
  • Group assignment via OneLogin’s application assignment to “OneLogin roles”

Configuring For User Provisioning

  1. Log-in to BrowserStack as Owner.

  2. Go to Account -> Settings & Permissions. Select the Security tab.

  3. Under Auto User Provisioning, select Configure. 1-configure

  4. Select the user attributes that you want to control via IDP 2-selectattributes

  5. Copy the Access Key only, it will be used on OneLogin for authentication 3-credentials

  6. If you set up SSO before setting up User Provisioning, you already have the BrowserStack app added on OneLogin, skip this step. Otherwise
    • Go to Applications
    • Click Add App, and find the BrowserStack app under Add Application on OneLogin
    • Add it to your OneLogin tenant, give it an identifiable name under “Display Name” and clicking Save 4-addapplication
  7. Head to BrowserStack App on OneLogin, and go to the Configuration tab.
    • You should have SSO configured via this tab already, if not, use this link to set it up. 5-configureapplication
  8. Add the Access Key from BrowserStack in the SCIM Bearer Token field on OneLogin.
    • Click Enable, OneLogin will give a green Enabled text confirmation 6-enableapplication
  9. Head to Provisioning, to start pushing users to Browserstack
    • Make sure that the following are selected:
      • Create user
      • Delete user
      • Update user
    • Select Delete as the action for when users are deleted on OneLogin.
    • Select Do Nothing as the action for when users are suspended on OneLogin. (Suspension is not supported on Browserstack.) 7-provisioning
  10. Go to Parameters, and click on SCIM username under Required Parameters. Set the value to Email.

  11. Save the current state. We will enable Provisioning on Browserstack before coming back and enabling it on OneLogin. You can enable it via the provisioning tab at this step, but the users will not be pushed into Browserstack till we enable it on Browserstack.

  12. On Browserstack, enable Auto User Provisioning once you have set it up on OneLogin, otherwise, you will be locked out of inviting new users via BrowserStack UI. 8-configuredandenable 9-enableprovisioning

  13. Done

Managing Users via OneLogin Application

We would suggest that as a first step, please put all the users you currently have on the BrowserStack account into the OneLogin app via the assignment tab. This would avoid any discrepancies between the user lists on OneLogin and Browserstack. 10-managingusers

Depending on the configuration that you select while setting up Auto User Provisioning on BrowserStack. You will need to create the appropriate Custom User Fields and assign in the Parameters tab. 11-managingusers-editfield

Ensure that you check the box next to Include in User Provisioning.

Provisioning & Deprovisioning Users

  1. By assigning the app to the user, the user will get provisioned on the BrowserStack platform.
  2. You can remove a user and his/her access by removing the user from the app.
Note:
  1. You cannot delete the current Owner from OneLogin. Assign Owner role to another user, before deleting the current Owner.
  2. Updating the owner will log out the current owner as well as the old owner from their current session for security reasons.

Role Assignment

  1. Attribute Name: primary_role
  2. External Name: bstack_role
  3. Default assignment as User, in case of
    • Unexpected, empty or no value
    • Attribute controlled by BrowserStack UI
  4. Expected values when attribute controlled by OneLogin:
Attribute Value Role Update
User User will be assigned
Admin Admin will be assigned
Owner Owner will be assigned The current owner will be replaced with the new owner. The current owner will become a user.
No Value
Empty or Any other value
The user is created as User by default.

Team Assignment

  1. Attribute Name: primary_team
  2. External Name: bstack_team
  3. Default assignment as Group User, in case of
    • Empty or no value
    • Attribute controlled by BrowserStack UI
  4. Expected values when attribute controlled by OneLogin:
Attribute Value Team Update
team_name The user gets added to the existing team if a team exists with the same name. Otherwise, a new team will be created with the passed attribute value.
No value/Empty The user is assigned as part of Group

Product Assignment

  1. Attribute Name: primary_product
  2. External Name: bstack_product
  3. Default assignment no product access, in case of
    • Unexpected, empty or no value
    • Attribute controlled by BrowserStack UI
  4. Expected values when attribute controlled by OneLogin:
Attribute Value Product Update
Browser-Testing Live
Automate
Visual-Testing Percy
Automate-Testing Automate
Live-Testing Live
Mobile-App-Testing App Live
App Automate
App-Automate-Testing App Automate
App-Live-Testing App Live
Note: Multiple values can be passed for product access in a comma-separated string. Example: Browser-Testing,Visual-Testing

Troubleshooting

We would suggest that as a first step, please put all the users you currently have on the BrowserStack account into the OneLogin app via the assignment tab. This would avoid any discrepancies between the user lists on OneLogin and Browserstack.

User Already Present On BrowserStack

Resolution: User already presents on BrowserStack under a different organization, please get the account deleted before provisioning the user.

12-troubleshoot-userpresent

Invalid parameter/attribute values passed for Role or Product

Resolution: Role/Product is not a valid use-case, please use the attribute values provided above.

13-troubleshoot-invalidparameter

Owner Deletion

Note: Owner cannot be directly deleted via OneLogin. Please assign the owner role to another user via Browserstack UI, and then delete the old owner.

Incompatible Attributes

Resolution: You are assigning incompatible user attributes, for example Owner cannot have a team assigned.

14-troubleshoot-incompatibleattributes

Licenses Not Available

Resolution: You have used up all your licenses for the product, please unassign users or add more licenses. Contact your Account Executive to get information on adding licenses.

Note: When a user is deactivated on OneLogin, the said user will be deleted from your BrowserStack account. Whenever the user is activated, a new user will be created on BrowserStack. This would lead to a new id being created.

Escalation/Support

Please connect with support@browserstack.com for any escalations or support.

We're sorry to hear that. Please share your feedback so we can do better






Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked





Thank you for your valuable feedback

Is this page helping you?

Yes
No

We're sorry to hear that. Please share your feedback so we can do better






Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked





Thank you for your valuable feedback!

Talk to automation expert