# SCIM Setup for Microsoft Entra ID (Old)
### Overview
This technical guide offers comprehensive insights into the integration capabilities of MangoApps with Azure Active Directory (AD) using the System for Cross-domain Identity Management (SCIM) standard. SCIM is an open standard designed to automate user provisioning and lifecycle management.
MangoApps seamlessly integrates with Microsoft Entra ID through SCIM provisioning using the Security Assertion Markup Language (SAML). This integration provides organizations with automated user provisioning and lifecycle management, ensuring a streamlined and efficient process.
***
### Admin Portal within MangoApps
To begin, navigate to **SSO -> SAML ->Add SSO** **Connection** within the Admin Portal
Click the **Add SSO Connection** button to bring up the **Add SSO Connection pop-up** menu.
Select **Azure Active Directory** from the identity provider dropdown menu and provide an easily identifiable name for the connection.
**JIT User Provisioning**: When **enabled**, this feature automatically creates and activates a user within the MangoApps domain after successful authentication with the Single Sign-On (SSO) provider. This feature only applies when the user's credentials are nonexistent or when the user is in a deactivated state within the MangoApps domain. If the user already exists within the domain but is in a suspended state, MangoApps will **not** activate the user.
{% hint style="info" %}
This feature can remain toggled **off** as, in this case, user provisioning will be automatically handled through SCIM.
{% endhint %}
**Remember User**: When enabled, this feature retains the user's session, allowing for automatic login during their subsequent visits. The user session is cleared only when the user explicitly logs out.
**Metadata**: If your IDP provides a meta data URL, MangoApps can directly read the xml and auto-populate the fields below.
{% hint style="info" %}
This field will remain blank as we will be inputting configurations manually.
{% endhint %}
**Configure Manually**: The fields in this dropdown menu allow you to add manual configuration information. **Most of these fields will populate automatically during the setup process.**
{% hint style="info" %}
Copy the **ACS URL (HTTPS)** to a notepad or other documentation program as we will make use of it later.
{% endhint %}
***
### Microsoft Entra ID **Portal**
Once the above information has been entered, navigate to your Microsoft Entra ID portal:
From here, navigate to **Enterprise applications** and create a new application.
On the Create your own applications screen to the right, enter a name for the app which we will be integrating into MangoApps and select the last option from the multiple choice field, "Integrate any other application you don't find in the gallery (Non-gallery)". Since we will be integrating with a third party application.
If need be, refresh your Enterprise Application page, otherwise you will be automatically directed to your new application.
From this new application menu, navigate to the **Single Sign-On** section from the left hand navigation menu or click **Get Started** under **Setup up single sign on** from the center menu.
Select **SAML** as your SSO method. This will direct you to the **SAML-based Sign-on** options.
Within this menu, we will be editing the **Basic SAML Configuration** section.
***
### Basic SAML Configuration Menu
In the configuration menu, paste the **ACS URL (HTTPS)** we copied earlier from our MangoApps domain in the **Reply URL** field.
Click **Add Identifier** under **Identifier (Entity ID)** and paste in the Microsoft Entra Identifier.
{% hint style="info" %}
**Sign on URL**, **Relay State**, and **Logout URL** are all optional in this case.
{% endhint %}
Click **Save** to save your configuration.
{% hint style="danger" %}
Double check the **Attributes & Claims** section as, depending on the identifier your company uses for users, you may need to use Object ID or the principle name. This Identifier **cannot** be different than how your users are signing in.
{% endhint %}
***
### SAML Setup in MangoApps
While still in the Microsoft Entra ID portal, scroll down to the **SAML Certificates** section. Copy the **App Federation Metadata URL.**
Moving back to the **MangoApps Admin Portal**, paste the URL copied from the Microsoft Entra ID portal to the **Metadata** field. Click **Read from URL** to populate the manual configuration fields and double check all fields are correct. **Save** the configuration.
{% hint style="warning" %}
If you encounter an error with the link populated into the SAML 2.0 Endpoint field, please contact your Account Management Team for troubleshooting support or view the vendor video below.
{% endhint %}
***
### Configure User Mappings with SAML Connection
After testing your SAML connection and verifying all fields are correct, click **Configure User Mappings** next to the newly created SAML connection. This will bring up the **User Mappings** window.
Take note of the **SCIM Base URL** and the **SCIM Bearer Token**, as we will be using these shortly.
Switching back to the **Azure Portal SAML App Settings**, navigate to the **Provisioning** section on the left hand navigation menu.
Select **Get Started**. On the subsequent menu you will want to set the following:
* Set the Provisioning Mode as Automatic
* Paste the **SCIM Base URL** you copied to the **Tenant URL** section on Microsoft Entra ID.
* Paste the **SCIM Bearer Token** copied from MangoApps to the **Secret Token** section in Microsoft Entra ID.
* Click on **Test Connection** to ensure it is a success. Make sure to save the connection again in MangoApps before testing.
The SCIM provisioning is now complete! The SCIM will run automatically or you can provision on demand if need be.
***
### Add Users
Once the provisioning settings are setup and tested successfully, navigate to **Users and groups** within the Microsoft Entra ID Portal. If this section does not already have Users for your organization populated, click **+Add user/group** from the top menu to begin adding users.
Once users have been added in this way, Microsoft Entra ID will automatically sync them to MangoApps.
***
### Vendor Walkthrough Video
In the following video, we will guide you through the integration setup of MangoApps with Azure Active Directory (AD) using Entra ID, incorporating Single Sign-On (SSO) with Security Assertion Markup Language (SAML) connections.
This video will offer a step-by-step walkthrough of the System for Cross-domain Identity Management (SCIM) provisioning process. We aim to provide comprehensive guidance on each stage of the integration, ensuring a smooth and efficient setup. We will also tackle two common troubleshooting issues that may arise during the configuration process. Our goal is to address these challenges proactively in the event they should occur.
{% embed url="" %}
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://guides.mangoapps.com/integrations-guide/single-sign-on/sso-integrations-by-provider/sso-integrations-for-microsoft/scim-setup-for-microsoft-entra-id-old.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
