Search Results :

×

Configure Azure AD Single Sign-On (SSO) with Joomla OAuth Client Plugin


Set up Single Sign-On (SSO) on your Joomla website with Azure AD Single Sign-on (Azure Active Directory SSO) using our Joomla OAuth & OpenID Connect Single Sign-On plugin. Joomla OAuth Client plugin with Azure AD as IDP allows users to log into Joomla websites and applications with a single set of credentials.

Azure AD, or Active Directory, acts as the OAuth Provider and Joomla acts as the OAuth Client. Joomla Azure AD SSO provides smooth login between these two, removing the need to remember usernames and passwords.

The plugin provides advanced SSO features like user profile attribute mapping, role mapping, and Azure multi-tenant login and providing site access based on organization email domains.

Visit our Joomla OAuth Client Plugin page to learn more about the features and Pricing plans we offer for the Joomla OAuth Single Sign-on (OAuth & OpenID connect) plugin.

Pre-requisites : Download And Installation

Steps to Configure Azure AD Single Sign-On (SSO) into Joomla

Follow the steps given below to setup the Joomla OAuth Client plugin. You can also refer to this Setup video for configuring the plugin.

1. Install Joomla OAuth Client Plugin

  • Download the zip file for the miniOrange OAuth Client plugin for Joomla.
  • Login into your Joomla site’s administrator console.
  • From left toggle menu, click on System, then under Install section click on Extension.
  • Upload the downloaded zip file to install the Joomla OAuth Client plugin.
  • Installation of the plugin is successful. Now click on Start Using miniOrange OAuth Client plugin.
  • Under Configure OAuth tab. Select Azure AD as an OAuth Provider.
  • Azure Single Sign-On (SSO) OAuth/OpenID-addapp-shortcut
  • Now copy the Callback / Redirect URL which is needed while configuring Azure AD as OAuth Server.
  • Azure Single Sign-On (SSO) OAuth/OpenID-addapp-shortcut

2. Setup Azure AD as an OAuth Provider

  • Sign in to Azure portal.
  • Click on Azure Active Directory/Microsoft Entra ID from Azure services.
  • Azure AD SSO into Joomla | Login to Joomla using Azure AD
  • In the left-hand navigation pane, click the App registrations service, and click New registration.
  • Azure AD SSO into Joomla | Login to Joomla using Azure AD
  • When the Create page appears, enter your application's registration information:
  • Name : Name of your application.
    Application type :
    1. Select "Native" for client applications that are installed locally on a device. This setting is used for OAuth public native clients
    2. Select "Web app / API" for client applications and resource/API applications that are installed on a secure server. This setting is used for OAuth confidential web clients and public user-agent-based clients. The same application can also expose both a client and resource/API.
    Sign-on URL :
    1. For "Web app / API" applications, provide the base URL of your app. eg, https://<domain-name>/mo_login might be the URL for a web app running on your local machine. Users would use this URL to sign in to a web client application.
    2. For "Native" applications, provide the URI used by Azure AD to return token responses. Enter a value specific to your application.
      eg, https://localhost/joomla
  • Under Redirect URL, select Web from the dropdown and enter the Callback URL copied earlier in the given field.
  • Azure AD SSO into Joomla | Login to Joomla using Azure AD

3. Integrating Joomla with Azure AD

  • When finished, click Register. Azure AD assigns a unique Application ID to your application. Copy Application ID and the Directory ID, this will be your Client ID and Tenant ID respectively.
  • Azure AD SSO into Joomla | Login to Joomla using Azure AD
  • Go to Certificates and Secrets from the left navigaton pane and click on New Client Secret. Enter description and expiration time and click on Add option.
  • Azure AD SSO into Joomla | Login to Joomla using Azure AD
  • Copy value. This will be your Secret key.
  • Azure AD SSO into Joomla | Login to Joomla using Azure AD
  • Paste the Client ID, Client Secret and Tenant. click on Save Settings.
  • Azure AD SSO into Joomla | Login to Joomla using Azure AD
  • Azure AD Scope and Endpoints:
  • Scope: openid email profile
    Authorize Endpoint: https://login.microsoftonline.com/[tenant-id]/oauth2/v2.0/authorize
    Access Token Endpoint: https://login.microsoftonline.com/[tenant-id]/oauth2/v2.0/token
    Get User Info Endpoint: https://graph.microsoft.com/beta/me
    Set Client Credentials: In Both (In Header and In Body)
  • Now click on Test Configuration button, you will be able to see the attributes in the Test Configuration output as follows.
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID

4. Azure AD Attribute Mapping

  • User Attribute Mapping is mandatory for enabling users to successfully login into Joomla. We will be setting up user profile attributes for Joomla using below settings.
  • Now go to the Attribute Mapping tab and Select the attribute name for Email and Username from dropdown. Then click on Save Attribute Mapping button.
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID
  • Now you can use Login / SSO URL to perform SSO.
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID
  • Now logout and go to your Joomla site's pages where you have added this link. You will see a login link where you placed that button. Click on this button to perform SSO.

5. Azure AD Grant Consent & Role/Group Mapping

  • Go to Application --> Select the application where you want to configure the group mapping. Now, Go to the API Permissions tab.
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID
  • Click on the Add permission button, and then Microsoft Graph API -> Delegated Permissions and select openid, Profile scope and click on the Add Permissions button.
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID
  • Click on the Grant consent for Demo button.
  • Go to Manifest tab and find groupMembershipClaims and changes it’s value to "All" and click on the save button.
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID
  • Now you would be able to get the group's value in the Test configuration window.
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID
  • Now go back to Joomla OAuth Client plugin.
  • Go to the Attribute Mapping section in the plugin and map the Attribute Names from the Test Configuration table. Now enter Group Attribute name on the given field. (Refer to the screenshot)
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID
  • Now go to the Role Mapping tab. Here make sure that Enable Role Mapping is checked. Now assign the Group/Role names to the desired groups in Joomla, then click on Save Role Mapping Settings button.
  •  Azure AD Single Sign-On (SSO) OAuth/OpenID
  • Congratulations, you have successfully configured the miniOrange OAuth Client plugin with your Azure AD/Microsoft Intra ID OAuth Provider.
  • Click on the Upgrade Plans tab to check out our complete list of features and various licensing plans. OR you can click here to check features and licensing plans.
  • If you want to purchase any of the paid version of the plugin, you have to register/login with us in Account Setup tab. OR you can register/login here.
  • In case, you are facing some issue or have any question in mind, you can reach out to us by sending us your query through the Support button in the plugin or by sending us a mail at joomlasupport@xecurify.com.

In this guide, you have successfully configured Joomla Azure AD Single Sign-On (SSO) by configuring Azure AD as OAuth Provider and Joomla as OAuth Client using our Joomla OAuth Client plugin.This solution ensures that you are ready to roll out secure access to your Joomla site using Azure AD login credentials within minutes.

Joomla Azure Integrator

Joomla Azure AD Integration

Azure AD Integration allows you to achieve seamless Login, Registration, Profile Update, and Password Reset of Azure AD and Azure B2C users from Joomla.

Additional Resources


Mail us on joomlasupport@xecurify.com for quick guidance(via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

support
Contact miniOrange Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com