If you are an IT person, this document will help you provision your company's employees at Millie with Azure and SCIM.
Enable SCIM in Millie app
A flag must be set in the Millie app to enable SCIM. Login to Millie as a company admin and navigate to the SSO page at Settings / SSO:
In the provisioning section, a badge next to Provisioning (SCIM 2.0) reads ACTIVE or OFF to show the status of the SCIM flag. Contact Millie at email@example.com to have it enabled.
Create SAML app integration
Next, you must add a Millie SAML app integration to Azure; you will modify and extend this integration in the steps below.
If you already have an integration, you may continue. Otherwise, use the Azure SAML setup guide to create one, test it, and then return here.
Add SCIM to app integration
- Login to the Azure admin center and select Enterprise applications from the menu to display the All applications page. Then click the Millie integration to display its Overview:
- Click the Provisioning submenu item on the left to show the Provisioning page, then click Get started to show the Provisioning setup page:
- In this page, set Provisioning Mode to Automatic. New fields will appear below.
- Copy the Base URL from the Millie SSO page into Tenant URL.
- Then copy OAuth Bearer Token from the Millie SSO page to Secret Token.
- Check the credentials by clicking the Test Connection button. If the test fails, check the values you entered above. Contact firstname.lastname@example.org anytime you want a bit of help!
- Next, expand the Mappings section:
- Click Provision Azure Active Directory Groups to display the Attribute Mapping page:
- Set Enabled to No, click the Save button, then click the ✖️ to return to Provisioning.
- Click Provision Azure Active Directory Users to display Attribute Mapping again, this time with SCIM Users configuration.
- In the Target Object Actions section, uncheck Delete.
- Go to the Attribute Mappings section. You may delete attributes you do not want to share with Millie; however, the following mappings are required, and must not be deleted:
- Click the Save button, then click the ✖️ to return to Provisioning.
- At the bottom of the Provisioning page, set Provisioning Status to On.
- Now click the Save button. Provisioning should start immediately.
This will disable what’s known as ”hard delete”s, which is intended. We support deprovisioning/deactivation through “soft delete”s which happens via the
Azure Active Directory Attribute
emails[type eq "work"].value
Switch([IsSoftDeleted], , "False", "True", "True", "False")
If you have questions, don't hesitate to contact us at email@example.com!