How to Enable SSO Integration

June 16, 2021

This tutorial will help you to integrate Jotform with an identity provider platform to set up single sign-on (SSO) for Enterprise users. Once you complete the SSO integration, your users can log in using your organization’s identity provider. 

Configure Jotform

To configure Jotform, you can follow the steps below:
1. Go to the Admin Panel of your Jotform Enterprise server.
2. Click on the Account Settings tab and toggle the “Enable Single Sign-On” to ON:
3. Copy the SERVICE PROVIDER METADATA links; you will use them for the SAML configuration on the identity provider side.
IMPORTANT NOTE:
If a custom domain is added for the server, you need to revise the SERVICE PROVIDER METADATA in the IdP settings.
4. You need to configure SAML in your identity provider account. You will use the links you have already copied in Service Provider Metadata.
– OKTA
– AZURE
– OneLogin

5. Use the details you have copied from the identity provider for the following fields:
Okta IDP:
Use Identity Provider Issuer for Entity ID
Use Identity Provider Single Sign-On URL for SSO URL
Use X.509 Certificate for Certificate
Azure AD:
Use Azure AD Identifier for Entity ID
Use Login URL for SSO URL
Use Certificate for Certificate
OneLogin:
Use Issuer URL for Entity ID
Use SAML 2.0 Endpoint (HTTP) for SSO URL
Use X.509 Certificate for Certificate
6. Click on the Save button and test the configuration by clicking on the Continue button.
7. Your configuration will be saved when it passes the test.
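
The note in step 3 matters because the IdP keeps whatever Service Provider values were pasted into it. The following is an added example, not Jotform's own code, that compares the values configured at the IdP with the current Service Provider metadata; the metadata document, the custom domain forms.example.com and the function names are constructed for illustration, and the XML layout assumes standard SAML 2.0 SP metadata.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample: SP metadata after a custom domain (forms.example.com,
# hypothetical) was added to the server. Not real Jotform output.
SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://forms.example.com/sso/metadata.php">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://forms.example.com/sso/?acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: values still configured at the IdP from before the change.
IDP_CONFIG = {
    "entity_id": "https://serverSlug.jotform.com/sso/metadata.php",
    "acs_url": "https://serverSlug.jotform.com/sso/?acs",
}

def sp_values(metadata_xml):
    """Extract the SP Entity ID and ACS URLs from SAML 2.0 SP metadata."""
    root = ET.fromstring(metadata_xml)
    acs = [e.get("Location") for e in root.iter(MD + "AssertionConsumerService")]
    return {"entity_id": root.get("entityID"), "acs_urls": acs}

def find_mismatches(metadata_xml, idp_config):
    """Return (field, configured, expected) for each stale IdP value."""
    sp = sp_values(metadata_xml)
    problems = []
    if idp_config["entity_id"] != sp["entity_id"]:
        problems.append(("entity_id", idp_config["entity_id"], sp["entity_id"]))
    if idp_config["acs_url"] not in sp["acs_urls"]:
        problems.append(("acs_url", idp_config["acs_url"], sp["acs_urls"]))
    return problems

if __name__ == "__main__":
    for field, configured, expected in find_mismatches(SP_METADATA, IDP_CONFIG):
        print(f"{field}: IdP has {configured!r}, SP metadata says {expected!r}")
```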

OKTA

Prerequisites

To get started you need an Okta account with admin permissions.
Configure Okta
You need to add an Okta SAML application to your Okta account. To add an Okta SAML application, you can follow the steps below.
1. Sign in to your Okta tenant.
2. Go to the Okta Admin page.
3. Navigate to the Applications page.
4. Click on the Add Application button.
5. Click on the Create New App button.
6. In the dialog, choose SAML 2.0 and click on the Create button.
7. Enter an App name and click on the Next button.
8. In the next step, in the SAML Settings section, enter the Single sign on URL and Audience URI (SP Entity ID) values as shown below.
Please use the URLs you have already copied in Service Provider Metadata.
Single sign on URL: Use Service Provider Assertion Consumer Service URL (https://serverSlug.jotform.com/sso/?acs)
Audience URI (SP Entity ID): Use Service Provider Entity ID (https://serverSlug.jotform.com/sso/metadata.php)
9. When the links are added, save the settings and copy the following information:
– Identity Provider Single Sign-On URL
– Identity Provider Issuer 
– X.509 Certificate
You can find these details under “View Setup Instructions” on the Sign On tab.
10. You can assign this app to people by clicking on the Assign Users to App button.

AZURE AD

Prerequisites

To get started you need an Azure account with admin permissions.
Configure Azure
Jotform does not have an enterprise gallery application in Azure AD, so you need to add a non-gallery application to your Azure AD and configure it to use SAML-based SSO. To do so, you can follow the steps below.
1. First, select the Azure Active Directory.
2. In the Enterprise applications tab, click on the New application button.
3. Click on the Create your own application button. Then enter the name of your app, select the Non-gallery option and click on the Create button.
4. Go to the Set up single sign on section and select the SAML option.
5. Finally, the configured Single Sign-On with SAML page should contain the values below.
In Part 1, please use the URLs you have already copied in Service Provider Metadata.
Identifier (Entity ID): Use Service Provider Entity ID (https://serverSlug.jotform.com/sso/metadata.php)
Reply URL (Assertion Consumer Service URL): Use Service Provider Assertion Consumer Service URL (https://serverSlug.jotform.com/sso/?acs)
Sign on URL: Use Service Provider Assertion Consumer Service URL with ‘login’ (https://serverSlug.jotform.com/sso/?login)
In Part 2, please set Unique User Identifier to user.mail.
In Part 3, download the Certificate (Base64). You can access the certificate by opening the downloaded file with a text editor.
In Part 4, you need to copy the Login URL and the Azure AD Identifier.
6. You can assign this app to a user/group. To do this, select the Users and groups tab and click on the Add user/group button.
When you are all done, please proceed to configure your Jotform Enterprise server.

OneLogin

Prerequisites

To get started you need a OneLogin account with admin permissions.
Configure OneLogin
You need to add a new app to your OneLogin company apps in the administrator screen. You can follow the steps below.
1. Open the Apps tab and click on the Add App button.
2. Search for “SAML test connector” and select the OneLogin “SAML Test Connector (IdP w/attr)”.
3. Set the Jotform app’s details and save the app:
Display Name: Jotform
Rectangular Icon: #URL
Square Icon: #URL
4. After the save request is completed, it will redirect you to the app. Click on the Configuration tab, fill in the application details for Jotform SAML, and save. Please use the URLs you have already copied in Service Provider Metadata.
Audience: Use Service Provider Entity ID (https://serverSlug.jotform.com/sso/metadata.php)
Recipient: Use Service Provider Assertion Consumer Service URL without ‘acs’ (https://serverSlug.jotform.com/sso/)
ACS (Consumer) URL Validator*: .*
ACS (Consumer) URL*: Use Service Provider Assertion Consumer Service URL (https://serverSlug.jotform.com/sso/?acs)
Single Logout URL: Use Service Provider Assertion Consumer Service URL with ‘logout’ (https://serverSlug.jotform.com/sso/?logout)
5. In the next step, click on the Parameters tab and make sure the Email attribute is in the list (Jotform Enterprise uses the email attribute to match users).
6. Get the SAML details of OneLogin for Jotform. Click on the SSO tab and copy the SAML endpoint details to use in Jotform.
– x.509 Certificate (details are in the next step)
– Issuer URL
– SAML 2.0 Endpoint (HTTP)
How to get x.509 certificate

Click on View Details and copy the certificate.
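
The ACS (Consumer) URL Validator in step 4 is a regular expression, and `.*` matches every URL. The following added example (not from Jotform or OneLogin documentation) compares it with a pattern anchored to the ACS URL above, assuming the validator is applied as a full match; the candidate URLs and function names are constructed for illustration.

```python
import re

ACS_URL = "https://serverSlug.jotform.com/sso/?acs"  # ACS URL from step 4

PERMISSIVE = ".*"                           # validator value given in step 4
ANCHORED = "^" + re.escape(ACS_URL) + "$"   # matches only the exact ACS URL

# Constructed candidate ACS URLs a validator might be asked to check.
CANDIDATES = [
    "https://serverSlug.jotform.com/sso/?acs",              # the real endpoint
    "http://serverSlug.jotform.com/sso/?acs",               # scheme downgraded
    "https://serverSlug.jotform.com.example.net/sso/?acs",  # look-alike host
    "https://other.example.net/?next=https://serverSlug.jotform.com/sso/?acs",
]

def accepted(pattern, urls=CANDIDATES):
    """URLs the validator pattern would let through."""
    return [u for u in urls if re.fullmatch(pattern, u)]

def unexpected(pattern, urls=CANDIDATES):
    """Accepted URLs that are not the service provider's ACS endpoint."""
    return [u for u in accepted(pattern, urls) if u != ACS_URL]

if __name__ == "__main__":
    for name, pattern in (("permissive", PERMISSIVE), ("anchored", ANCHORED)):
        print(f"{name}: {pattern}")
        for url in CANDIDATES:
            verdict = "accept" if re.fullmatch(pattern, url) else "reject"
            print(f"  {verdict}  {url}")
        print(f"  unexpected accepts: {len(unexpected(pattern))}")
```

Escaping rules can differ between regex engines, so confirm the anchored pattern against the validator's own syntax before saving it.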
