Organizations that use OneLogin provisioning for user management can integrate that with their StarLeaf account. OneLogin integration is available for organizations on a StarLeaf Enterprise account.

To activate OneLogin integration on your StarLeaf account, contact StarLeaf technical support (


Before you start configuring provisioning for StarLeaf, you need to create an Access token:

  1. Log in to .
  2. Go to Integrations > Add integration. Select OneLogin user provisioning and click Apply.
  3. You see the SCIM server URL and Access token:
  4. Make a note of the Access token. You will need this when you configure OneLogin. (You do not need to note the SCIM base URL as this is included in the OneLogin integration).

Add StarLeaf in OneLogin

  1. Log in to OneLogin and select App > Add apps
  2. Search ‘StarLeaf’ and select the StarLeaf app that appears.
  3. On the StarLeaf app page, select Save
  4. Go to Apps > Company apps. StarLeaf is now in the list of your company apps.
  5. Select the StarLeaf app and then Configuration
  6. Under SCIM Bearer Token, enter the access token from the StarLeaf Portal.
  7. Under API Status, select Enable
  8. Select Save
  9. Go to Provisioning, and ensure that Suspend is the default selection for when users are deleted in OneLogin, or the user’s app access is removed.
  10. Select Save.

Troubleshooting and tips

Compromised access token

If you think your access token has been compromised, you must create a new token.

  1. In the StarLeaf Portal, go to your organization and to Integrations > OneLogin
  2. Select Regenerate access token
  3. Select Apply
  4. Go back to and enter the new token in Apps > Company apps > StarLeaf > Configuration > SCIM Bearer Token
  5. Select Save

Provisioning state ‘failed’

If a user’s Provisioning State is showing as ‘failed’ in OneLogin, the user’s external ID in OneLogin does not match that held by StarLeaf. To fix this:

  1. Go to OneLogin > Apps > Company apps > StarLeaf > Users
  2. Select Apply to all
  3. Reapply Mappings