Joget SSO with Microsoft Entra ID

Integrating Joget with Azure Active Directory for Single Sign-On (SSO) is important in environments where security and efficiency are prioritized. By linking Joget with Azure AD, the login process for your users is simplified, improving their experience and reducing administrative burden. Additionally, you'll have secure and centralized access to Joget applications, strengthening system security and complying with security standards.

To configure Joget integration with Azure Active Directory, follow these steps:

Install the Joget SAML plugin

To install the SAML plugin on Joget, follow the steps below:

1. Install the Joget SAML Plugin from the Joget Marketplace.
2. Open Joget.
3. Go to System Settings > General Settings.
4. Set API Domain Whitelist   to *
   
   You will get a 400 Forbidden error when performing the SSO if this is not set.
5. Go to System Settings > Directory Manager.
6. Select the Joget SAML Plugin.
7. In the Plugin configuration, copy the Entity ID and ACS URL.
   Azure AD requires the ACS URL to be HTTPS, so your Joget installation must run under HTTPS. 
   

Configure Microsoft Entra ID for SAML

Follow the steps below to configure Microsoft Entra ID for SAML directory:

1. Sign in to the Azure portal. Go to Azure > Browse Microsoft Entra Gallery and click Create your own application. 
2. Name your application and select the Integrate any other application you don't find in the gallery (Non-gallery) option.
3. Click Create to add an application.
   
   
4. Select the application.
5. Click Set up single sign-on.
   
6. Select SAML. 
   
7. Under Basic SAML Configuration, click the Edit pencil icon.
8. Input the Joget SAML Identifier (Entity ID) and Reply URL (Assertion Consumer Service (ACS) URL) copied earlier.
9. Click Save.
   
   
   
10. Under User Attributes & Claims, click the Edit pencil icon.
11. Configure the claims in the following way:
    
    • Unique User Identifier (Name ID): user.userprincipalname
    • Email: user.mail
    • User.FirstName: user.givenname
    • User.LastName: user.surname
      
12. Under SAML Signing Certificates, download the Certificate (Base64). It will later be used to configure the Joget SAML Plugin.
    
13. Access Users and Groups on the sidebar menu.
14. Add the users allowed to access Joget (you may add yourself to the listing to test the login later).
    

Set up the Joget SAML plugin

Follow the steps below to set up your SAML Plugin.

1. Open the certificate file downloaded in the previous section.
2. Copy its contents (without the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines).
3. Open Joget.
4. Go to System Settings > Directory Manager.
5. Select the Joget SAML Plugin.
6. Paste the contents in the IDP Certificate field.
   
   
7. Click Submit.

Configure Custom User Attributes

Key in the values of the user attributes.

Test the SAML SSO

To test the SAML SSO, go to the Azure My Apps Portal, click on the application, and select the user to perform the SSO. The current user will be logged into Joget if the SSO configuration is correct.

Additional resources

For further information and detailed documentation, you can refer to the following resources:

• The source code for this plugin is available in the open-source repository. JogetOSS, a community-led initiative for open-source software related to the Joget no-code/low-code application platform, manages this repository. Projects under JogetOSS are community-driven and community-supported, and contributions are welcome.
• Azure Active Directory Documentation
• Joget SharePoint SSO Integration