SCIM Setup for Azure
This technical guide offers comprehensive insights into the integration capabilities of MangoApps with Azure Active Directory (AD) using the System for Cross-domain Identity Management (SCIM) standard. SCIM is an open standard designed to automate user provisioning and lifecycle management.
MangoApps integrates with Azure AD using the Security Assertion Markup Language (SAML) for single sign-on and SCIM for provisioning. This integration gives organizations automated user provisioning and lifecycle management.
To begin, navigate to SSO -> SAML -> Add SSO Connection within the Admin Portal.
Click the Add SSO Connection button to bring up the Add SSO Connection pop-up menu.
Select Azure Active Directory from the identity provider dropdown menu and provide an easily identifiable name for the connection.
JIT User Provisioning: When enabled, this feature automatically creates and activates a user within the MangoApps domain after successful authentication with the Single Sign-On (SSO) provider. This feature only applies when the user's credentials are nonexistent or when the user is in a deactivated state within the MangoApps domain. If the user already exists within the domain but is in a suspended state, MangoApps will not activate the user.
This feature can remain toggled off as, in this case, user provisioning will be automatically handled through SCIM.
Remember User: When enabled, this feature retains the user's session, allowing for automatic login during their subsequent visits. The user session is cleared only when the user explicitly logs out.
Metadata: If your IdP provides a metadata URL, MangoApps can directly read the XML and auto-populate the fields below.
This field will remain blank as we will be inputting configurations manually.
Configure Manually: The fields in this dropdown menu allow you to add manual configuration information. Most of these fields will populate automatically during the setup process.
Copy the ACS URL (HTTPS) to a notepad or other documentation program as we will make use of it later.
Once the above information has been entered, navigate to your Azure portal: https://portal.azure.com/
From here, navigate to Enterprise applications and create a new application.
On the Create your own application screen to the right, enter a name for the app which we will be integrating into MangoApps. Since we will be integrating with a third-party application, select the last option from the multiple choice field, "Integrate any other application you don't find in the gallery (Non-gallery)".
You will be automatically directed to your new application; if you are not, refresh your Enterprise applications page.
From this new application menu, navigate to the Single Sign-On section from the left-hand navigation menu or click Get Started under Set up single sign on from the center menu.
Select SAML as your SSO method. This will direct you to the SAML-based Sign-on options.
Within this menu, we will be editing the Basic SAML Configuration section.
In the configuration menu, paste the ACS URL (HTTPS) we copied earlier from our MangoApps domain in the Reply URL field.
Click Add Identifier under Identifier (Entity ID) and paste in the Microsoft Entra Identifier.
Sign on URL, Relay State, and Logout URL are all optional in this case.
Click Save to save your configuration.
Double check the Attributes & Claims section: depending on the identifier your company uses for users, you may need to use Object ID or the principal name. This identifier must match how your users are signing in.
While still in the Azure portal, scroll down to the SAML Certificates section. Copy the App Federation Metadata URL.
Moving back to the MangoApps Admin Portal, paste the URL copied from the Azure portal to the Metadata field. Click Read from URL to populate the manual configuration fields and double check all fields are correct. Save the configuration.
If you encounter an error with the link populated into the SAML 2.0 Endpoint field, please contact your Account Management Team for troubleshooting support or view the vendor video below.
After testing your SAML connection and verifying all fields are correct, click Configure User Mappings next to the newly created SAML connection. This will bring up the User Mappings window.
Take note of the SCIM Base URL and the SCIM Bearer Token, as we will be using these shortly.
Switching back to the Azure Portal SAML App Settings, navigate to the Provisioning section on the left-hand navigation menu.
Select Get Started. On the subsequent menu, set the following:
Set the Provisioning Mode as Automatic.
Paste the SCIM Base URL you copied to the Tenant URL section on Azure.
Paste the SCIM Bearer Token copied from MangoApps to the Secret Token section in Azure.
Click on Test Connection to ensure it is a success. Make sure to save the connection again in MangoApps before testing.
The SCIM provisioning is now complete! SCIM provisioning will run automatically, or you can provision on demand if need be.
Once the provisioning settings are set up and tested successfully, navigate to Users and groups within the Azure Portal. If this section does not already have Users for your organization populated, click +Add user/group from the top menu to begin adding users.
Once users have been added in this way, Azure will automatically sync them to MangoApps.
In the following video, we will guide you through the integration setup of MangoApps with Azure Active Directory (AD) using Entra ID, incorporating Single Sign-On (SSO) with Security Assertion Markup Language (SAML) connections.
This video will offer a step-by-step walkthrough of the System for Cross-domain Identity Management (SCIM) provisioning process. We aim to provide comprehensive guidance on each stage of the integration, ensuring a smooth and efficient setup. We will also tackle two common troubleshooting issues that may arise during the configuration process. Our goal is to address these challenges proactively in the event they should occur.