This feature is only available on a Mentorloop Enterprise plan
Prerequisite: Contact customer success to get started
If you haven't yet discussed SSO with us, let your customer success manager (CSM) know you'd like to enable it. Your CSM can get the process started to enable SSO via SAML for your mentoring program. Once you're ready to go, we will send you an email with the details you need to complete the steps below.
Step 1: Add the Mentorloop Application
From the Microsoft Entra ID dashboard, click Enterprise applications in the left nav.
Click New application in the top menu.
Click Create your own application.
Give your application a name. This is the name your users will see for the application in their dashboard. We recommend using Mentorloop SSO. Click Create to continue.
Step 2: Configure SAML SSO
1. From the application dashboard, click Single sign-on.
2. Click SAML for the single sign-on method.
3. Click Upload metadata file. Select the file provided to you by Mentorloop, and click Save.
4. In the Attributes & Claims section, click Edit.
5. Click Unique User Identifier (Name ID).
6. Select Persistent as the Name identifier format. Click Save. Close this screen and the next with the X button at the top right.
Let us know what additional claims you would like to map to your participant profile fields.
7. You are now able to assign users or groups to the newly created application. Please refer to the Microsoft Entra ID documentation for information on provisioning users for applications.
Please ensure that all eligible users are granted permission to this SAML application to avoid barriers to joining the mentoring program.
Step 3: Setting up SCIM with Microsoft Entra ID
Obtain your SCIM endpoint and token
Contact Mentorloop to enable SCIM for your account.
If you are not setting up automatic deprovisioning with SCIM, skip to Step 4.
You will receive:
- SCIM Base URL: https://{mentorloop domain}/scim/saml/{provider name}
- SCIM Bearer Token: A unique authentication token
Configure SCIM in Entra ID
- Sign in to the Azure portal
- Navigate to Azure Active Directory > Enterprise applications
- Select your existing Mentorloop SAML application
- In the left navigation, select Provisioning
- Click New configuration
- Under Admin credentials, enter:
  - Tenant URL: Your SCIM Base URL
  - Secret Token: The SCIM Bearer Token provided by Mentorloop
- Click Test connection to verify the credentials
- Attribute mappings:
  - Disable for Groups
  - Enable for Users and ensure the following attributes are mapped:
    - Enable Delete for Target Object Actions
    - userName to the appropriate attribute (typically email or userPrincipalName). Note: This needs to match the same attribute that your SAML configuration uses for Name ID.
    - active: ensure the attribute is being sent as false when a user is deleted or disabled in Entra ID.
- Click Start provisioning
Verifying deprovisioning works
To verify that deprovisioning is working correctly:
- Entra ID:
  - Disable a test user in Entra ID or remove their assignment to the Mentorloop SAML application
  - Check the provisioning logs in Entra ID to confirm the deprovisioning action was sent
- In Mentorloop:
  - Verify the user can no longer log in by attempting to log in as that user.
  - As a Program Coordinator (PC) or an Org Admin, confirm the user has been removed from your programs.
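The deprovisioning action described above travels as a SCIM 2.0 request body that sets active to false. The following is an added example, not Mentorloop's or Microsoft's code: it checks a request body for that change and compares userName with the SAML Name ID value. The sample bodies are constructed, the function names are hypothetical, and the message shapes assumed are the RFC 7644 PatchOp forms, including clients that send the value as the string "False".

```python
import json

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample bodies (not captured from a real tenant).
PATCH_DISABLE = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "Replace", "path": "active", "value": "False"}]})
PATCH_RENAME = json.dumps({"schemas": [PATCH_SCHEMA], "Operations": [
    {"op": "replace", "path": "displayName", "value": "Test User"}]})
USER_CREATE = json.dumps({
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "Test.User@example.com", "active": True})

def _as_bool(value):
    """Map JSON booleans and the strings "true"/"false" (any case) to bool."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str) and value.strip().lower() in ("true", "false"):
        return value.strip().lower() == "true"
    return None

def is_deactivation(body):
    """True if a SCIM PatchOp or full User body sets active to false."""
    doc = json.loads(body)
    if PATCH_SCHEMA not in doc.get("schemas", []):
        return _as_bool(doc.get("active")) is False  # full-resource form
    for op in doc.get("Operations", []):
        if str(op.get("op", "")).lower() not in ("add", "replace"):
            continue
        path, value = op.get("path"), op.get("value")
        if path is None and isinstance(value, dict):
            value = value.get("active")  # path-less form: value is an object
        elif str(path).lower() != "active":
            continue
        if _as_bool(value) is False:
            return True
    return False

def username_matches_name_id(body, saml_name_id):
    """Compare a User body's userName with the SAML Name ID value.
    userName is case-insensitive in SCIM (RFC 7643), so compare casefolded."""
    user_name = json.loads(body).get("userName", "")
    return user_name.casefold() == saml_name_id.casefold()

if __name__ == "__main__":
    for name in ("PATCH_DISABLE", "PATCH_RENAME", "USER_CREATE"):
        print(name, is_deactivation(globals()[name]))
```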
Troubleshooting
Common issues and solutions
| Issue | Possible solutions |
| Failed connection test | Verify SCIM URL and token are correct; ensure your network allows communication to Mentorloop's SCIM endpoint; contact Mentorloop support |
| Users not being deprovisioned | Check that deprovisioning is enabled in your IdP settings; verify user mappings are correctly configured; check logs in your IdP for errors |
| Error during provisioning sync | Review provisioning logs in your IdP; ensure all required attributes are properly mapped; contact Mentorloop support with error details |
Provisioning logs
Entra ID provides detailed logs for provisioning events:
- Entra ID: Navigate to Azure Active Directory > Enterprise applications > Your Mentorloop SAML app > Provisioning logs
Need help?
If you encounter any issues while setting up SCIM deprovisioning, please contact Mentorloop support with:
- Screenshots of your configuration
- Any error messages you're receiving
- Details about the specific problem you're experiencing
Step 4: Provide Mentorloop with the generated metadata URL
In order to integrate your Active Directory with the Mentorloop application, the Mentorloop team requires some configuration data.
In the SAML Signing Certificate section, click the Copy button for the App Federation Metadata Url field. Provide this value to Mentorloop.
Mentorloop will provision the SSO login for your programs and follow up with you on next steps for confirming the SSO setup.