SAML Single Sign-On (SSO) into Drupal using Azure AD/Microsoft Entra ID as IdP
Overview
The Drupal SAML integration using the miniOrange SAML SP module establishes seamless SSO between Microsoft Entra ID and the Drupal site. The users will be able to log in to the Drupal site using their Microsoft Entra ID credentials. This document will walk you through the steps to configure Single Sign-On - SSO between Drupal as a Service Provider (SP) and Microsoft Entra ID as an Identity Provider (IdP). The module is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10 and Drupal 11.
Installation Steps
- Using Composer
- Using Drush
- Manual Installation
Configuration Steps
Drupal SAML SP Metadata
- Go to Configuration → People → SAML Login Configuration in the Administration menu. (/admin/config/people/miniorange_saml/idp_setup)
- Navigate to the Service Provider Metadata and copy the metadata URL. (This is required in configuring the Delinea as a SAML IdP)
Configure SAML Single Sign-On Application in Microsoft Entra ID:
- Log in to your Microsoft Azure portal.
- Select Enterprise applications from the Azure services section.
- Click on the New application button.
- Click on the Create your own application button.
- In the Create your own application popup, enter the required information.
- What's the name of your app? Enter the Application name in the text field.
- What are you looking to do with your application? - Select the 3rd option, Integrate any other application you don't find in the gallery (Non-gallery) from the listed option.
- Click on Create.
- Click on Get Started under Set up single sign on card/box.
- Click on the SAML card/box.
- Click on the Upload metadata file button.
- Click on the File icon and upload the previously downloaded XML Metadata file from Drupal site.
- Then, click on the Add button.
- Verify the uploaded information in the Basic SAML Configuration dialogue box and click on the Save button.
- Copy the App Federation Metadata Url and keep it handy. (This information is needed to set up Drupal as a SAML SP.)
Assign Users and groups in the Azure Application:
- Click on Users and groups from the left navigation menu.
- Click on the Add user/group button.
- Click on the None Selected link.
- Under Users window on the right side, search for the users to be assigned and click on them.
- Click on the Select button, and then click on Assign button.
Configure Drupal as Service Provider:
- Navigate to the Service Provider Setup tab of the Drupal site and click on Upload IDP Metadata.
- Paste the previously copied App Federation Metadata Url (from Microsoft Entra ID) into the Upload Metadata URL text field.
- Click on the Fetch Metadata button.
Note: To update Identity Provider Name, follow these steps:
- Under Action, select the Edit.
- Enter Azure in the Identity Provider Name text field.
- Scroll down and click on the Save Configuration button.
- Click on the Test link to test the connection between Drupal and Microsoft Entra ID.
- On a Test Configuration popup, you will be prompted to sign in to Microsoft Entra ID if you don't have an active session in the same browser. After successfully logging in to Microsoft Entra ID, you will be provided with a list of attributes received from Microsoft Entra ID.
Congratulations! you have successfully configure Microsoft Entra ID as SAML Identity Provider (IdP) and Drupal as SAML Service Provider.
How does SAML SSO login work?
- Open a new browser/private window and navigate to the Drupal site login page.
- Click the Login using Identity Provider (Microsoft Entra ID) link.
- You will be redirected to the Microsoft Entra ID login page. Enter the Microsoft Entra ID credentials. After successful authentication, the user will be redirected back to the Drupal site.
Contact us
