Millie SAML Single Sign-On (SSO) integration

This topic describes how to configure Millie for Single Sign-On (SSO) in CyberArk Identity using SAML.

SSO supported features

This application template supports the following features:

  • IdP-initiated SSO

  • SP-initiated SSO

  • Just-in-time (JIT) provisioning

Before you begin

Create an account in the Millie application with administrator access.

Configure the Millie app template in the Identity Administration portal

Step 1: Add the Millie web app template

  1. In the Identity Administration portal, select Apps & Widgets > Web Apps, then click Add Web Apps.

    Add a web app screen

  2. On the Search page, enter the application name in the Search field and click the search button.

  3. Next to the application name, click Add.

  4. On the Add Web App page, click Yes to confirm.

  5. Click Close to exit the Application Catalog.

    The application opens to the Settings page.

Step 2: Configure Trust settings

  1. Go to the Trust settings.

  1. In the Identity Provider Configuration section, select Metadata, then click Download Metadata File to download the IdP metadata. Send the file to tech@milliegiving.com. Later, this file will be uploaded to the Millie application.

  2. In the Service Provider Configuration section, select Manual Configuration, enter the following SAML settings, and click Save after you finish.

    Service provider settings
    Setting Description

    SP Entity ID

    Sign in to the Millie application as an administrator, copy the Metadata URL value, and paste it into this field. For example:

    https://app.milliegiving.com/saml/millie/metadata

    Assertion Consumer Service (ACS) URL

    Copy the ACS URL value from the Millie application (Settings > Account Settings > Single sign-on) and paste it into this field. For example:

    https://app.milliegiving.com/saml/millie/acs

Step 3: Configure permissions to grant Millie users SSO access

Grant SSO access to Millie by assigning permissions to users, groups, or roles.

  1. On the Permissions page, click Add.

  2. Select the user(s), group(s), or role(s) that you want to grant permissions to, then click Add.

    The added object appears on the Permissions page with View, Run, and Automatically Deploy permissions selected by default.

  3. Select the permissions you want and click Save.

    Default permissions automatically deploy the application to the User Portal if the Show in user app list option is selected on the Settings page. Do not select this option if you intend to use only SP-initiated SSO.

    Change the permissions if you want to add additional control or if you prefer not to automatically deploy the application.

Step 4: Review and save

Review your settings to confirm your configuration. For example, you might want to verify that you selected the appropriate users, groups, or roles on the Permissions page. Click Save when you are satisfied.

Configure Millie for SAML SSO

Perform these steps in Millie to configure the Millie application template for SSO.

  1. Sign in to the Millie application as an administrator.

  2. Go to Settings > Account Settings > Single sign-on.

  3. Upload the IdP metadata file you sent to tech@milliegiving.com.

  4. Click Save SSO.

Test the Millie SSO configuration

Now that you have finished configuring the application template settings in the Identity Administration portal and Millie, Millie users can benefit from IdP- and SP-initiated SSO.

To test IdP-initiated SSO:

  1. Sign in to CyberArk Identity with the user account you just added.

  2. Click the Millie application tile to launch Millie in a new tab and automatically sign in.

To test SP-initiated SSO:

  1. Go to your Millie account sign-in page.

  2. Enter your Millie Account ID and click Log in to your account with SSO.

You are redirected to the IdP for authentication. After successful authentication, you are redirected back to Millie, which displays the web interface.

Additional information

See the Millie documentation for additional resources:

https://support.milliegiving.com/sso