Azure AD SAML

How to Connect Microsoft Entra ID (formerly Azure Active Directory) Single Sign-On (SSO) with SAML in UI Bakery

Prerequisites

  • An Azure account with an active subscription.

  • Administrator rights on Azure AD.

  • A UI Bakery application up and running.


Create an Azure AD Application for SAML

  1. In the Azure portal, click Microsoft Entra ID in the sidebar.

  2. Under Manage, click on Enterprise applications.

  3. Click New application.

  4. In the Add from the gallery section, search for Microsoft Entra SAML Toolkit and add it.


Configure SAML in Azure

  1. After the application is added, click on Single sign-on from the left sidebar.

  2. Choose the SAML option.

  3. A section named Basic SAML Configuration will appear. This typically includes:

    • Identifier (Entity ID): any unique string. Use the same value for UI_BAKERY_SAML_ENTITY_ID below.

    • Reply URL (Assertion Consumer Service URL): the SAML endpoint of your UI Bakery instance, https://your_site/api/auth/login/saml (replace your_site with the host of your instance).

    • Sign-on URL: any value is accepted here.


Integrate Azure AD with UI Bakery

Step 1: Set environment variables

UI_BAKERY_SAML_ENABLED=true
# you can find it in your enterprise application as App Federation Metadata Url
UI_BAKERY_SAML_METADATA_URL=https://login.microsoftonline.com/id/federationmetadata/2007-06/federationmetadata.xml?appid=appid
UI_BAKERY_SAML_ENTITY_ID=<your-entity-id>
UI_BAKERY_BRANDING_AUTH_SSO_BTN_TEXT=Login with Microsoft

Step 2: Restart your UI Bakery instance

A Docker Compose setup can be restarted with the following command:

docker compose down && docker compose up -d

Test the Integration

  1. Attempt to log in to your UI Bakery application.

  2. You should be redirected to the Azure AD login page.

  3. After successful authentication, you should be redirected back to your UI Bakery application.


Troubleshooting

If you encounter issues during the integration, consider the following:

  1. Double-check the Entity ID and Reply URL configurations.

  2. Ensure that user attributes and claims are correctly mapped.

  3. Check Azure AD logs for authentication errors.

  4. Invite user groups or users directly to your application.
