Joomla OAuth Client Integration with Microsoft Entra ID Single Sign-On (SSO)

This guide provides a step-by-step walkthrough for configuring our Joomla OAuth Client extension to use Microsoft Entra ID (formerly Azure Active Directory) as the authentication provider. The goal is to enable your users to sign into Joomla using their organizational work or school accounts.

Integrating with Microsoft Entra ID is ideal for businesses, schools, and organizations that use the Microsoft ecosystem. It allows you to leverage your existing user directory for Single Sign-On (SSO), enhancing security and streamlining the login process for your employees, students, or members. Our extension handles the OAuth 2.0 authentication flow, creating a secure link between your Joomla site and your Microsoft tenant.


To set up OAuth Single Sign-On between Joomla and Microsoft Entra ID, you can also follow this step-by-step setup video.

In this configuration, Microsoft Entra ID functions as the OAuth server, while Joomla allows users to log in with their Microsoft Entra ID credentials by utilizing the Joomla OAuth Client Plugin.

  • Log in to your Joomla site's Administrator console.
  • From the left toggle menu, click on System, then under the Install section click on Extensions.
  • Now click on the Or Browse for file button to locate and install the plugin file downloaded earlier.
  • Once the plugin is installed successfully, click on Get Started!
  • Under the Configure OAuth -> Pre-Configured Apps tab, select your OAuth Provider. You can also search for a custom OAuth or custom OpenID application in the search bar and configure your own custom provider.

  • After selecting your OAuth provider, you will be redirected to the Step 1 [Redirect URL] tab. Now copy the Callback/Redirect URL which we will use to configure the OAuth Server, then click on the Save & Next button.

Follow the steps below to configure Microsoft Entra ID as your OAuth Provider.

  • Log into the Azure Dashboard.
  • Click on Microsoft Entra ID under Azure services.

  • In the left-hand navigation pane, click App registrations, then click on New registration.

  • When the Create page appears, enter your application's registration information:
    • Name: Name of your application.
    • Application type:
    • Sign-on URL:
      • For "Web app / API" applications, provide the base URL of your app, e.g., https://<domain-name>/mo_login might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application.
      • For "Native" applications, provide the URI used by Azure AD to return token responses. Enter a value specific to your application, e.g., https://localhost/joomla

  • Under Redirect URL, select Web from the dropdown and enter the Callback URL copied earlier in the given field. Then, click on the Register button to register the new application.

  • Now go to the Overview tab of your registered application. Here, copy the Application ID and the Directory ID; these will be your Client ID and Tenant ID, respectively.

  • Go to Certificates and Secrets in the left navigation pane and click on New Client Secret. Enter a description and expiration time, then click on the Add option.

  • Copy the value. This will be your Client Secret.

Create SSO Application in Microsoft Entra ID:

  • Log in to the Microsoft Entra ID portal.
  • Select App registrations from the left side navigation bar under the Applications section.

  • Now, click on the + New registration button.

  • In the Register an application window, enter the following information:
    • Name: Enter the Application name.
    • Supported account types: Select the 1st option, Accounts in this organizational directory only (Test only - Single tenant). You can refer to the Help me choose link.
    • Redirect URI (optional): Select Web from the Select a platform dropdown list. Then, in the text field, paste the previously copied Callback/Redirect URL.
    • Click on the Register button.

  • Microsoft Entra ID assigns a unique Application ID to your application. Copy the Application (client) ID. This is your Client ID.

  • Now, click on the Add a certificate or secret link.

  • Click on the New client secret button. In the Add a client secret popup, enter the required information:
    • Description: Enter the description for this Secret.
    • Expires: Select an expiry duration for this Secret from the dropdown.
    • Click on the Add button.

  • Copy the Value from the Client secrets tab. This is your Client Secret.

  • Navigate to the Overview from the left side panel.
  • Under Essentials section, copy the Directory (tenant) ID. This will be your Tenant-ID.

  • Go back to your Joomla Dashboard. Then go to Step 2 [Client ID & Secret].
  • Paste the Client ID, Client Secret and Domain. Also set the Set Client Credentials option to In Header and In Body, then click on Save Settings. Once the settings are saved, click on Save Configuration.

  • If you want to enable scopes, follow these steps:
    • Go to Application -> Select the application where you want to enable scopes. Now, go to the API Permissions tab.

    • Click on the Add permission button, then Microsoft Graph API -> Delegated Permissions, select the openid and Profile scopes, and click on the Add Permissions button.

    • Click on the Grant admin consent for Default Directory button.

Scope: Openid email Profile
Authorize Endpoint: https://login.microsoftonline.com/[tenant-id]/oauth2/v2.0/authorize
Access Token Endpoint: https://login.microsoftonline.com/[tenant-id]/oauth2/v2.0/token
Get User Info Endpoint: https://graph.microsoft.com/beta/me
Set Client Credentials: In Header and In Body
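
A pre-flight check of the endpoint, scope and redirect settings listed above, as an added example (not part of the plugin or of the original guide): it flags a leftover [tenant-id] placeholder, a shared tenant alias that does not fit the single-tenant registration chosen earlier, and a callback URL that is not https or differs from the registered one. The function name, dictionary keys and sample values are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
LOGIN_HOST = "login.microsoftonline.com"
SHARED_TENANTS = {"common", "organizations", "consumers"}  # multi-tenant aliases
PAGE_SCOPES = {"openid", "email", "profile"}  # the Scope row, compared case-insensitively


def check_entra_settings(cfg, registered_redirect):
    """Return a list of findings; an empty list means the values are consistent."""
    findings = []
    if not GUID.match(cfg["client_id"]):
        findings.append("client_id: not an Application (client) ID GUID")
    for key, leaf in (("authorize_endpoint", "authorize"), ("token_endpoint", "token")):
        url = urlsplit(cfg[key])
        parts = url.path.strip("/").split("/")
        if url.scheme != "https" or url.hostname != LOGIN_HOST:
            findings.append(f"{key}: expected https://{LOGIN_HOST}/...")
        elif parts[1:] != ["oauth2", "v2.0", leaf]:
            findings.append(f"{key}: path is not /<tenant>/oauth2/v2.0/{leaf}")
        elif parts[0] in SHARED_TENANTS:
            findings.append(f"{key}: '{parts[0]}' is a shared alias, not your directory")
        elif not GUID.match(parts[0]):
            findings.append(f"{key}: tenant segment is not a Directory (tenant) ID")
    r = urlsplit(cfg["redirect_uri"])
    # Entra ID requires https redirect URIs; plain http is accepted only for localhost.
    if r.scheme != "https" and (r.scheme, r.hostname) != ("http", "localhost"):
        findings.append("redirect_uri: must use https")
    if cfg["redirect_uri"] != registered_redirect:
        findings.append("redirect_uri: differs from the Redirect URI registered in Entra ID")
    missing = PAGE_SCOPES - {s.lower() for s in cfg["scope"].split()}
    if missing:
        findings.append("scope: missing " + ", ".join(sorted(missing)))
    return findings


# Constructed sample values (no real tenant, app or site); three mistakes are planted.
REGISTERED = "https://joomla.example.test/sso-callback"
SAMPLE = {
    "client_id": "11111111-2222-3333-4444-555555555555",
    "authorize_endpoint": f"https://{LOGIN_HOST}/[tenant-id]/oauth2/v2.0/authorize",
    "token_endpoint": f"https://{LOGIN_HOST}/common/oauth2/v2.0/token",
    "redirect_uri": "http://joomla.example.test/sso-callback",
    "scope": "Openid email Profile",
}

if __name__ == "__main__":
    print("\n".join(check_entra_settings(SAMPLE, REGISTERED)))
```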

  • User Attribute Mapping is mandatory for enabling users to log in to Joomla successfully. We will set up user profile attributes for Joomla using the settings below.
  • Go to the Step 3 [Attribute Mapping] tab and click on the Test Configuration button.

  • You will be able to see the attributes in the Test Configuration output as follows.

  • Now select the attribute name for Email and Username from the dropdown. Then click on the Finish Configuration button.

  • Now go to the Step 4 [SSO URL] tab. Here, copy the Login/SSO URL and add it to your site by following the given steps.

  • Now log out and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.
