SAML Single Sign-On into Joomla using Azure AD/Microsoft Entra ID

The miniOrange Joomla SAML SP SSO plugin enables direct Single Sign-On integration between your Joomla website and Microsoft Entra ID (formerly Azure AD) using the SAML 2.0 protocol. Whether you're managing a single Joomla site or a multi-site network, this plugin delivers a secure, centralized login experience powered by your organization's existing Microsoft identity infrastructure.

With just a few configuration steps, users can authenticate into Joomla using their Entra ID credentials, eliminating the need for separate passwords and reducing IT overhead. The plugin is fully compatible with Joomla 3, 4, 5, and 6, and works out of the box with any SAML 2.0-compliant Identity Provider (IdP), making it a future-proof choice for enterprise SSO deployments.


To set up Single Sign-On between Joomla and Azure AD/Microsoft Entra ID, you can also follow this step-by-step Setup Video.


In this setup, Azure AD/Microsoft Entra ID is the repository that stores users, so it acts as the Identity Provider (IDP). Joomla, where the Joomla SAML SP SSO Plugin is installed, is where users log in using their Azure AD/Microsoft Entra ID credentials.

  • Log in to your Joomla site’s Administrator console.
  • From the left toggle menu, click System, then click Extensions under the Install section.
  • Click the Or Browse for file button to locate and install the plugin file you downloaded earlier.
  • Once the plugin has installed successfully, click Get Started!
  • Go to the Service Provider Metadata tab. Here you can find the Metadata URL, download the metadata XML file, or copy the Entity ID and ACS URL directly.
  • In this step, you'll configure Microsoft Entra ID (formerly Azure Active Directory) as your identity provider by setting up an Enterprise Application.
  • Log in to the Microsoft Entra ID (Azure AD) portal.
  • Select Enterprise Applications.
  • Click New Application.
  • Click Create your own Application, enter the app name, then click the Create button.
  • Click Set up Single Sign-On.
  • Select SAML.
  • Click the Edit button, then enter the SP Entity ID as the Identifier and the ACS URL as the Reply URL. Both values come from the Service Provider Metadata tab of the plugin.
  • By default, the following attributes are sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the User Attributes & Claims step.
  • Copy the App Federation Metadata URL. You will use it when configuring the Joomla SAML plugin.

Assign users and groups to your SAML application:

  • As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted the user access. Users may be granted access directly or through group membership.
  • Click Users and groups in the application's left-hand navigation menu. The next screen presents the options for assigning users and groups to the application.
  • Click Add user/group, then select Users and groups on the Add Assignment screen.
  • The next screen lets you select users or invite external users. You can also assign groups to the application here. Select the appropriate user or group and click the Select button.

In the Joomla SAML plugin, go to the Service Provider Setup tab, then click the Add New IDP button. You can configure the IDP in three ways:

A. By uploading IDP metadata:

  • Click the Choose File button, select the IDP metadata file, then click the Upload button.

B. By Metadata URL:

  • Enter the Metadata URL (copied from the IDP app) and click the Fetch button.

C. Manual Configuration:

  • Copy the SAML Entity ID, SAML Single-Sign-On Endpoint URL and X.509 certificate from the Federation Metadata document and paste them into the IdP Entity ID or Issuer, Single Sign-On URL and X.509 Certificate fields of the plugin, respectively:
    IdP Entity ID: SAML Entity ID in the Federation Metadata document
    Single Sign-On URL: SAML Single-Sign-On Endpoint URL in the Federation Metadata document
    X.509 Certificate Value: X.509 Certificate in the Federation Metadata document

  • Click Save to store your configuration. Once saved, the configured IDP appears in the List of IDPs, where you can copy the SSO URL, edit the configured IDP, or delete it as needed.

  • Finally, test the configuration by clicking the Test button. The successful test window shows the attributes received from your IDP, so you can verify that the setup is working correctly.

  • Attributes are user details stored in your Identity Provider.
  • Attribute Mapping lets you retrieve user attributes from your Identity Provider (IDP) and map them to Joomla user attributes such as firstname, lastname, address and phone.
  • When users are auto-registered in your Joomla site, these attributes are automatically mapped to their Joomla user details.
  • Go to the Mapping tab and fill in all the fields in the Attribute Mapping section:
    Username: Name of the username attribute from the IdP (keep NameID by default)
    Email: Name of the email attribute from the IdP (keep NameID by default)
    Name: Name of the name attribute from the IdP
  • Check the Test Configuration Results under the Service Provider Setup tab to get a better idea of which values to map here.

Note: You can see how Attribute Mapping works here.

  • Group/Role mapping lets you assign specific roles to users who belong to a certain group in your Identity Provider (IdP).
  • During auto-registration, users are assigned roles based on the group they are mapped to.

Note: You can see how Group/Role Mapping works here.

  • Navigate to Azure Active Directory > Enterprise Applications > Your SAML App.
  • Go to the Users and Groups section.
  • Click on the Add User/Group option.
  • Assign the required groups to the application.

If you are using an app registration, follow the steps below:

  • Go to Azure Active Directory > App Registrations > Your App.
  • Click on the Manifest option in the left-hand menu.
  • Edit the Manifest:
    • Locate the "groupMembershipClaims" attribute.
    • Set its value based on your requirements:
      • "None": No group claims will be included.
      • "SecurityGroup": Includes only security groups.
      • "All": Includes both security and distribution groups.
  • Go to the Login Settings tab. You can add a login URL to perform SAML SSO in your Joomla site by following the steps below.
  • This tab offers several features, such as Auto redirect the user to Identity Provider and Enable Backend Login for Super Users. To use a feature, select its checkbox.
  • Click the Upgrade tab to see our complete list of features and licensing plans, or click here to check features and licensing plans.
  • If you run into an issue or have a question, you can reach us through the Support button in the plugin or by email at joomlasupport@xecurify.com.
