Adding the enterprise app to your Azure AD
Before starting to configure SCIM you have to add the app into Azure. Unfortunately due to the way Azure works, this CANNOT be done through the official AD Gallery as seen on this screenshot:
Instead you have to go into your Account > Authentication page in Looop and enable 'Microsoft Azure':
You can disable it later if you don’t want azure SSO after you have SCIM configured.
Log out of Looop
Click this button on the Looop login form:
Accept the permission request presented by Microsoft domain and click the checkbox:
You should get back into Looop. Now the enterprise app is added in your Azure AD! 🎉
SCIM Configuration Instructions
To enable SCIM provisioning, follow these steps:
In Looop application:
1. Log in as organisation administrator
2. Go to Account > Provisioning page:
3. You will find SCIM endpoint URL and a list of access tokens. If your list is empty, create a new one.
4. Copy the token.
On Azure platform:
Navigate to AD enterprise applications list (https://portal.azure.com/#blade/Microsoft_AAD_IAM/StartboardApplicationsMenuBlade/AllApps/menuId/)
Find the Looop app, go to 'Assign Users and Groups' blade to configure which users from your AD will have Looop app available to them. Consult with Azure guide in case of any questions, this is not specific to Looop application:
3. After configuring users and groups, return and click 'Get started' under 'Provision User Accounts' section
4. Switch 'Provisioning mode' to automatic 'Admin Credentials' section will become available
5. Fill in Admin Credentials using data provided by the Looop application:
6. Click on 'Test Connection' button, it should show 'Success' notification
7. In 'Mappings' section use default settings
8. Switch 'Provisioning Status' to 'On'
9. If needed, go into 'Edit provisioning' and modify your mappings as needed by your organisation.
10. Done! Azure will now provide data of users assigned to the app to Looop platform and they will be able to sign in via Azure SSO
Configure Looop for automatic user provisioning
The objective of this tutorial is to demonstrate the steps to be performed in Looop and Azure Active Directory (Azure AD) to configure Azure AD to automatically provision and de-provision users and/or groups to Looop.
This tutorial describes a connector built on top of the Azure AD User Provisioning Service. For important details on what this service does, how it works, and frequently asked questions, see Automate user provisioning and de-provisioning to SaaS applications with Azure Active Directory.
For more detailed information on provisioning, please see this guide: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/looop-provisioning-tutorial