OneLogin uses version 2 of Atlassian HipChat's user management API to provision and deprovision users to your HipChat account. When integrated with Active Directory, OneLogin does not store user passwords.
Note. This version of the HipChat connector was introduced on May 17, 2016 and uses the HipChat API v2, authenticating over OAuth. The previous version allowed you to connect using either version 1 or version 2 of the HipChat API, but did not take full advantage of the improved functionality of API v2. It is no longer available for new app integrations but is still supported if you added your HipChat app in OneLogin and enabled provisioning before May 17, 2016. For information about this legacy HipChat connector, see Provisioning for HipChat (Legacy Connector).
If you would like users to be provisioned into HipChat with the password that they use with Active Directory, log in to OneLogin as the OneLogin account owner and turn on the Enable password mapping feature under Settings > Account Settings.
If you don't turn this setting on, users will be provisioned into HipChat using a random password.
OneLogin only stores the password when Enable directory fallback password cache is turned on and the user signs into OneLogin at least once (allowing OneLogin to store the password securely). If the user has been provisioned with a random password and you have enabled directory fallback password cache, the Active Directory password will be stored and provisioned into HipChat.
For more information about these settings, see Account Settings for Account Owners.
1. The Hipchat on-premise server will not work with the existing app.
2. If using on-premise, a custom connector will need to be created and provisioning will not be an option.
- Go to Apps > Add Apps, search for HipChat and select it.
- Click Save to add HipChat to your OneLogin account.
On the Configuration tab, connect to the HipChat API over OAuth.
- Most HipChat implementations use
api.hipchat.com as the API Base URL. If yours doesn't, enter it here in the Base URL field.
At the prompt, click the link to go to HipChat.
Enter and submit your HipChat credentials.
Grant access to HipChat.
When you have successfully connected, OneLogin returns you to the HipChat app configuration page.
You can also confirm that the authorization was successful by going to the Configuration tab and confirming that the Clear Token button appears.
You can click this button if you ever need to reauthenticate with the HipChat API.
On the Provisioning tab, enable provisioning and configure the provisioning approval workflow.
Click Enable provisioning for HipChat.
Choose the provisioning actions that should require administrator approval.
For any action you select, a OneLogin administrator must go to Users > Provisioning and manually approve each action for provisioning to complete. Clear these options if you want OneLogin to provision new users and user updates to HipChat without administrative approval.
Important! When you first configure provisioning, we recommend that you enable these approval options so that you can confirm that the correct users are being provisioned with the correct entitlements. Once you have confirmed that provisioning is working as expected, you can clear these options to enable provisioning to proceed without approval, if you want.
Select what happens to a user in HipChat when that user is deleted from OneLogin.
Choose between Delete and Do Nothing.
- Click Save.
On the Parameters tab, select how you want user credentials to be configured.
You can also select the OneLogin attributes that you want to map to HipChat user attributes. For most implementations, you should keep the defaults.
(Optional) On the Rules tab, create rules to provision HipChat admin-level access based on OneLogin attribute values.
Click New Rule to open the New Mapping dialog.
- Name your new Mapping.
Set the Action for your mapping and the Conditions that will trigger it.
In the example shown in the screenshot, the mapping Conditions = MemberOf > contains > it_managers and Actions = Set Is Admin? in HipChat > Is Admin? means "If provisioning encounters a user who is a MemberOf the AD Security Group (OU) it_managers, assign that user as a HipChat Administrator.
- Click Show Affected Users to makes sure that the mapping will affect the desired users.
- Click Save.
Go to the More Actions menu and select Reapply provisioning mappings.
Do this every time you create or update a mapping to ensure that the most recent mappings are being applied to your users.