How to Connect Microsoft Entra ID (former Active Directory) Single Sign-On (SSO) with SAML in UI Bakery


  • An Azure account with an active subscription.

  • Administrator rights on Azure AD.

  • A UI Bakery application up and running.

Create an Azure AD Application for SAML

  1. Click on Microsoft Entra ID from the sidebar.

  2. Under Manage, click on Enterprise applications.

  3. Click New application.

  4. In the Add from the gallery section, search for Microsoft Entra SAML Toolkit

Configure SAML in Azure

  1. After the application is added, click on Single sign-on from the left sidebar.

  2. Choose the SAML option.

  3. A section named Basic SAML Configuration will appear. This typically includes:

    • Identifier (Entity ID). May be any unique string.

    • Reply URL (Assertion Consumer Service URL). Should lead to your UI Bakery instance https://your_site/api/auth/login/saml

    • Sign-on URL (you can provide whatever you want here)

Integrate Azure AD with UI Bakery

Step 1: Set environment variables

You can find the values for UI_BAKERY_SAML_ENTITY_ID in the "Basic SAML configuration" section and for the UI_BAKERY_SAML_METADATA_URL in the "SAML Signing Certificate" section of the Azure portal. Ensure that UI_BAKERY_SAML_METADATA_URL contains the appid query parameter which value you can find in Azure application "Overview".


Step 2: Restart your UI Bakery instance

Docker compose setup may be restarted with the following command:

docker compose down && docker compose up -d

Test the Integration

  1. Attempt to log in to your UI Bakery application.

  2. You should be redirected to the Azure AD login page.

  3. After successful authentication, you should be redirected back to your UI Bakery application.


If you encounter issues during the integration, consider the following:

  1. Double-check the Entity ID and Reply URL configurations.

  2. Ensure that user attributes and claims are correctly mapped.

  3. Check Azure AD logs for authentication errors.

  4. Invite user groups or users directly to your application

Last updated