Summary
If you are an IT person, this document will help you provision your company's employees at Millie with Azure and SCIM.
Enable SCIM in Millie app
A flag must be set in the Millie app to enable SCIM. Log in to Millie as a company admin and navigate to the SSO page at Settings / SSO.
In the provisioning section, a badge next to Provisioning (SCIM 2.0) reads ACTIVE or OFF to show the status of the SCIM flag. Contact Millie at tech@milliegiving.com to have it enabled.
Create SAML app integration
Next, you must add a Millie SAML app integration to Azure; you will modify and extend this integration in the steps below.
If you already have an integration, you may continue. Otherwise, use the Azure SAML setup guide to create one, test it, and then return here.
Add SCIM to app integration
- Log in to the Azure admin center and select Enterprise applications from the menu to display the All applications page. Then click the Millie integration to display its Overview.
- Click the Provisioning submenu item on the left to show the Provisioning page, then click Get started to show the Provisioning setup page.
- In this page, set Provisioning Mode to Automatic. New fields will appear below.
- Copy the Base URL from the Millie SSO page into Tenant URL.
- Then copy OAuth Bearer Token from the Millie SSO page to Secret Token.
- Check the credentials by clicking the Test Connection button. If the test fails, check the values you entered above. Contact tech@milliegiving.com anytime you want a bit of help!
- Next, expand the Mappings section:
- Click Provision Azure Active Directory Groups to display the Attribute Mapping page:
- Set Enabled to No, click the Save button, then click the ✖️ to return to Provisioning.
- Click Provision Azure Active Directory Users to display Attribute Mapping again, this time with SCIM Users configuration.
- In the Target Object Actions section, uncheck Delete.
- Go to the Attribute Mappings section. You may delete attributes you do not want to share with Millie; however, the mappings listed in the table below are required and must not be deleted.
- Click the Save button, then click the ✖️ to return to Provisioning.
- At the bottom of the Provisioning page, set Provisioning Status to On.
- Now click the Save button. Provisioning should start immediately.
Unchecking Delete disables what's known as "hard deletes", which is intended. We support deprovisioning/deactivation through "soft deletes", which happen via the active attribute.
| Azure Active Directory Attribute | customappsso Attribute |
| --- | --- |
| userPrincipalName | userName |
| mail | emails[type eq "work"].value |
| givenName | name.givenName |
| surname | name.familyName |
| Switch([IsSoftDeleted], , "False", "True", "True", "False") | active |
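To see what the required mappings and the soft-delete behaviour produce, the following added example (not Millie's or Microsoft's code) applies them to one constructed user record and builds a standard SCIM 2.0 deactivation request. The function names and the sample user are assumptions, and the exact requests Azure sends may differ in detail.

```python
# Added example: models the required Azure -> SCIM mappings from the table.
# Function names and the sample user are constructed for illustration.
import json

USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"      # RFC 7643
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"  # RFC 7644


def switch(source, default, *pairs):
    """Mimic the mapping expression Switch(source, default, key1, value1, ...)."""
    lookup = dict(zip(pairs[0::2], pairs[1::2]))
    return lookup.get(str(source), default)


def to_scim_user(aad_user):
    """Apply the five required mappings to one Azure AD user record."""
    user = {
        "schemas": [USER_SCHEMA],
        "userName": aad_user["userPrincipalName"],
        "emails": [{"type": "work", "value": aad_user["mail"]}],
        "name": {"givenName": aad_user["givenName"],
                 "familyName": aad_user["surname"]},
    }
    active = switch(aad_user["IsSoftDeleted"], "", "False", "True", "True", "False")
    if active:
        # The expression yields the string "True" or "False";
        # it is shown here as a JSON boolean.
        user["active"] = active == "True"
    return user  # an empty Switch result leaves "active" out entirely


def soft_delete_patch():
    """Body of a SCIM PATCH that deactivates a user instead of deleting it."""
    return {"schemas": [PATCH_SCHEMA],
            "Operations": [{"op": "replace", "path": "active", "value": False}]}


# Constructed sample record; example.com is a placeholder domain.
SAMPLE = {"userPrincipalName": "ada@example.com", "mail": "ada@example.com",
          "givenName": "Ada", "surname": "Lovelace", "IsSoftDeleted": False}

if __name__ == "__main__":
    print(json.dumps(to_scim_user(SAMPLE), indent=2))
    removed = dict(SAMPLE, IsSoftDeleted=True)   # user removed from scope in Azure
    print(json.dumps(to_scim_user(removed), indent=2))
    print(json.dumps(soft_delete_patch(), indent=2))
```

With Delete unchecked, a deprovisioned user should appear in Millie as an existing account with active set to false, never as a removed record.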
If you have questions, don't hesitate to contact us at tech@milliegiving.com!