Azure AD SAML
How to Connect Microsoft Entra ID (former Active Directory) Single Sign-On (SSO) with SAML in UI Bakery
Last updated
How to Connect Microsoft Entra ID (former Active Directory) Single Sign-On (SSO) with SAML in UI Bakery
Last updated
An Azure account with an active subscription.
Administrator rights on Azure AD.
A UI Bakery application up and running.
Click on Microsoft Entra ID from the sidebar.
Under Manage, click on Enterprise applications.
Click New application.
In the Add from the gallery section, search for Microsoft Entra SAML Toolkit
After the application is added, click on Single sign-on from the left sidebar.
Choose the SAML option.
A section named Basic SAML Configuration will appear. This typically includes:
Identifier (Entity ID). May be any unique string.
Reply URL (Assertion Consumer Service URL). Should lead to your UI Bakery instance https://your_site/api/auth/login/saml
Sign-on URL (you can provide whatever you want here)
You can find the values for UI_BAKERY_SAML_ENTITY_ID in the "Basic SAML configuration" section and for the UI_BAKERY_SAML_METADATA_URL in the "SAML Signing Certificate" section of the Azure portal.
Ensure that UI_BAKERY_SAML_METADATA_URL contains the appid query parameter which value you can find in Azure application "Overview".
Docker compose setup may be restarted with the following command:
Attempt to log in to your UI Bakery application.
You should be redirected to the Azure AD login page.
After successful authentication, you should be redirected back to your UI Bakery application.
If you encounter issues during the integration, consider the following:
Double-check the Entity ID and Reply URL configurations.
Ensure that user attributes and claims are correctly mapped.
Check Azure AD logs for authentication errors.
Invite user groups or users directly to your application
