|
| 1 | +--- |
| 2 | +title: 'Tutorial: Configure Looop for automatic user provisioning with Azure Active Directory | Microsoft Docs' |
| 3 | +description: Learn how to configure Azure Active Directory to automatically provision and de-provision user accounts to Looop. |
| 4 | +services: active-directory |
| 5 | +documentationcenter: '' |
| 6 | +author: zchia |
| 7 | +writer: zchia |
| 8 | +manager: beatrizd |
| 9 | + |
| 10 | +ms.assetid: 0efe2262-43c3-4e0c-97fa-9344385638e2 |
| 11 | +ms.service: active-directory |
| 12 | +ms.subservice: saas-app-tutorial |
| 13 | +ms.workload: identity |
| 14 | +ms.tgt_pltfrm: na |
| 15 | +ms.devlang: na |
| 16 | +ms.topic: article |
| 17 | +ms.date: 09/19/2019 |
| 18 | +ms.author: Zhchia |
| 19 | +--- |
| 20 | + |
| 21 | +# Tutorial: Configure Looop for automatic user provisioning |
| 22 | + |
| 23 | +The objective of this tutorial is to demonstrate the steps to be performed in Looop and Azure Active Directory (Azure AD) to configure Azure AD to automatically provision and de-provision users and/or groups to Looop. |
| 24 | + |
| 25 | +> [!NOTE] |
| 26 | +> This tutorial describes a connector built on top of the Azure AD User Provisioning Service. For important details on what this service does, how it works, and frequently asked questions, see [Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory](../manage-apps/user-provisioning.md). |
| 27 | +> |
| 28 | +> This connector is currently in Public Preview. For more information on the general Microsoft Azure terms of use for Preview features, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). |
| 29 | +
|
| 30 | +## Prerequisites |
| 31 | + |
| 32 | +The scenario outlined in this tutorial assumes that you already have the following prerequisites: |
| 33 | + |
| 34 | +* An Azure AD tenant |
| 35 | +* [A Looop tenant](https://www.looop.co/pricing/) |
| 36 | +* A user account on a Looop with Administrator permissions. |
| 37 | + |
| 38 | +## Assign users to Looop |
| 39 | + |
| 40 | +Azure Active Directory uses a concept called assignments to determine which users should receive access to selected apps. In the context of automatic user provisioning, only the users and/or groups that have been assigned to an application in Azure AD are synchronized. |
| 41 | + |
| 42 | +Before configuring and enabling automatic user provisioning, you should decide which users and/or groups in Azure AD need access to Looop. Once decided, you can assign these users and/or groups to Looop by following the instructions here: |
| 43 | + |
| 44 | +* [Assign a user or group to an enterprise app](../manage-apps/assign-user-or-group-access-portal.md) |
| 45 | + |
| 46 | +### Important tips for assigning users to Looop |
| 47 | + |
| 48 | +* It is recommended that a single Azure AD user is assigned to Looop to test the automatic user provisioning configuration. Additional users and/or groups may be assigned later. |
| 49 | + |
| 50 | +* When assigning a user to Looop, you must select any valid application-specific role (if available) in the assignment dialog. Users with the **Default Access** role are excluded from provisioning. |
| 51 | + |
| 52 | +## Set up Looop for provisioning |
| 53 | + |
| 54 | +Before configuring Looop for automatic user provisioning with Azure AD, you will need to retrieve some provisioning information from Looop. |
| 55 | + |
| 56 | +1. Sign in to your [Looop Admin Console](https://app.looop.co/#/login) and select **Account**. Under **Account Settings** select **Authentication**. |
| 57 | + |
| 58 | +  |
| 59 | + |
| 60 | +2. Generate a new token by clicking **Reset Token** under **SCIM Integration**. |
| 61 | + |
| 62 | +  |
| 63 | + |
| 64 | +3. Copy the **SCIM Endpoint** and the **Token**. These values will be entered in the **Tenant URL** and **Secret Token** fields in the Provisioning tab of your Looop application in the Azure portal. |
| 65 | + |
| 66 | +  |
| 67 | + |
| 68 | +## Add Looop from the gallery |
| 69 | + |
| 70 | +To configure Looop for automatic user provisioning with Azure AD, you need to add Looop from the Azure AD application gallery to your list of managed SaaS applications. |
| 71 | + |
| 72 | +1. In the **[Azure portal](https://portal.azure.com)**, in the left navigation panel, select **Azure Active Directory**. |
| 73 | + |
| 74 | +  |
| 75 | + |
| 76 | +2. Go to **Enterprise applications**, and then select **All applications**. |
| 77 | + |
| 78 | +  |
| 79 | + |
| 80 | +3. To add a new application, select the **New application** button at the top of the pane. |
| 81 | + |
| 82 | +  |
| 83 | + |
| 84 | +4. In the search box, enter **Looop**, select **Looop** in the results panel. |
| 85 | + |
| 86 | +  |
| 87 | + |
| 88 | +5. Select the **Sign-up for Looop** button which will redirect you to Looop's login page. |
| 89 | + |
| 90 | +  |
| 91 | + |
| 92 | +6. As Looop is an OpenIDConnect app, choose to login to Looop using your Microsoft work account. |
| 93 | + |
| 94 | +  |
| 95 | + |
| 96 | +7. After a successful authentication, accept the consent prompt for the consent page. The application will then be automatically added to your tenant and you will be redirected to your Looop account. |
| 97 | + |
| 98 | +  |
| 99 | + |
| 100 | +## Configure automatic user provisioning to Looop |
| 101 | + |
| 102 | +This section guides you through the steps to configure the Azure AD provisioning service to create, update, and disable users and/or groups in Looop based on user and/or group assignments in Azure AD. |
| 103 | + |
| 104 | +### To configure automatic user provisioning for Looop in Azure AD: |
| 105 | + |
| 106 | +1. Sign in to the [Azure portal](https://portal.azure.com). Select **Enterprise Applications**, then select **All applications**. |
| 107 | + |
| 108 | +  |
| 109 | + |
| 110 | +2. In the applications list, select **Looop**. |
| 111 | + |
| 112 | +  |
| 113 | + |
| 114 | +3. Select the **Provisioning** tab. |
| 115 | + |
| 116 | +  |
| 117 | + |
| 118 | +4. Set the **Provisioning Mode** to **Automatic**. |
| 119 | + |
| 120 | +  |
| 121 | + |
| 122 | +5. Under the **Admin Credentials** section, input `https://<organisation_domain>.looop.co/scim/v2` in **Tenant URL**. For example `https://demo.looop.co/scim/v2`. Input the value that you retrieved and saved earlier from Looop in **Secret Token**. Click **Test Connection** to ensure Azure AD can connect to Looop. If the connection fails, ensure your Looop account has Admin permissions and try again. |
| 123 | + |
| 124 | +  |
| 125 | + |
| 126 | +6. In the **Notification Email** field, enter the email address of a person or group who should receive the provisioning error notifications and check the checkbox - **Send an email notification when a failure occurs**. |
| 127 | + |
| 128 | +  |
| 129 | + |
| 130 | +7. Click **Save**. |
| 131 | + |
| 132 | +8. Under the **Mappings** section, select **Synchronize Azure Active Directory Users to Looop**. |
| 133 | + |
| 134 | +  |
| 135 | + |
| 136 | +9. Review the user attributes that are synchronized from Azure AD to Looop in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the user accounts in Looop for update operations. Select the **Save** button to commit any changes. |
| 137 | + |
| 138 | +  |
| 139 | + |
| 140 | +10. Under the **Mappings** section, select **Synchronize Azure Active Directory Groups to Meta Networks Connector**. |
| 141 | + |
| 142 | +  |
| 143 | + |
| 144 | +11. Review the group attributes that are synchronized from Azure AD to Meta Networks Connector in the **Attribute Mapping** section. The attributes selected as **Matching** properties are used to match the groups in Meta Networks Connector for update operations. Select the **Save** button to commit any changes. |
| 145 | + |
| 146 | +  |
| 147 | + |
| 148 | +10. To configure scoping filters, refer to the following instructions provided in the [Scoping filter tutorial](../manage-apps/define-conditional-rules-for-provisioning-user-accounts.md). |
| 149 | + |
| 150 | +11. To enable the Azure AD provisioning service for Looop, change the **Provisioning Status** to **On** in the **Settings** section. |
| 151 | + |
| 152 | +  |
| 153 | + |
| 154 | +12. Define the users and/or groups that you would like to provision to Looop by choosing the desired values in **Scope** in the **Settings** section. |
| 155 | + |
| 156 | +  |
| 157 | + |
| 158 | +13. When you are ready to provision, click **Save**. |
| 159 | + |
| 160 | +  |
| 161 | + |
| 162 | +This operation starts the initial synchronization of all users and/or groups defined in **Scope** in the **Settings** section. The initial sync takes longer to perform than subsequent syncs, which occur approximately every 40 minutes as long as the Azure AD provisioning service is running. You can use the **Synchronization Details** section to monitor progress and follow links to provisioning activity report, which describes all actions performed by the Azure AD provisioning service on Looop. |
| 163 | + |
| 164 | +For more information on how to read the Azure AD provisioning logs, see [Reporting on automatic user account provisioning](../manage-apps/check-status-user-account-provisioning.md). |
| 165 | + |
| 166 | +## Additional resources |
| 167 | + |
| 168 | +* [Managing user account provisioning for Enterprise Apps](../manage-apps/configure-automatic-user-provisioning-portal.md) |
| 169 | +* [What is application access and single sign-on with Azure Active Directory?](../manage-apps/what-is-single-sign-on.md) |
| 170 | + |
| 171 | +## Next steps |
| 172 | + |
| 173 | +* [Learn how to review logs and get reports on provisioning activity](../manage-apps/check-status-user-account-provisioning.md) |
| 174 | + |
| 175 | + |
0 commit comments