How to Configure Azure AD SSO for Jotform Enterprise

Azure Active Directory (Azure AD) is an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access services that you can easily integrate with Jotform. To get started you need to enable Single Sign-On in your Jotform Enterprise server. You also need an Azure AD account with admin permissions.

Creating Your Own Application

Jotform does not have an enterprise gallery application in Azure AD, so you need to add a non-gallery application to your Azure AD and configure it to use SAML-based SSO. To do so, you can follow the steps below:

1. Log in to your Azure AD admin center.
2. Select Enterprise applications on the left.

3. Next, click on New application.

4. Afterward, click on Create your own application.
5. Provide a name for your app.
6. Choose the Non-gallery option then click Create.

The setup wizard will redirect you to the app’s overview page once your app is created. Proceed to the next section to configure SAML.

Setting Up Single Sing-On with SAML

You can configure SAML from your app’s overview page. Here’s how:

1. Choose Single sign-on from the app’s menu on the left, then select SAML.

This will open the “Set up Single Sign-On with SAML” setup wizard which consists of five parts. Continue by completing the first two parts — Basic SAML Configuration and User Attributes & Claims.

2. Now, edit the Basic SAML Configuration.

3. Provide your Service Provider Metadata links.

The value to use for each field is as follows:

• Identifier (Entity ID) — Use your Jotform Entity ID
  (e.g., https://example.jotform.com/sso/metadata.php).
• Reply URL (Assertion Consumer Service URL) — Use your Jotform Service Provider Assertion Consumer Service URL
  (e.g., https://example.jotform.com/sso/?acs).
• Sign on URL (Optional) — Use your Jotform Service Provider Assertion Consumer Service URL but replace ?acs with ?login
  (e.g., https://example.jotform.com/sso/?login).

4. Save the changes then exit the Basic SAML Configuration wizard.
5. Next, edit User Attributes & Claims.

6. Click on Unique User Identifier (Name ID).

7. Set the Source attribute option to “user.mail.”
8. Save the changes then exit the User Attributes & Claims setup wizard.

Once that’s done, proceed to the next section to configure the Identity Provider Metadata settings in Jotform.

Integrating Azure AD SSO with Jotform

After setting up the Basic SAML Configuration and User Attributes & Claims settings in your app, the next step is to provide your Azure AD details — which you can find in parts three and four of the “Set up Single Sign-On with SAML” setup wizard — to Jotform. Here’s how:

1. In the “Set up Single Sign-On with SAML” setup wizard, scroll down to the SAML Signing Certificate section and download Certificate (Base64).

2. Next, take note of your app’s Login URL and Azure AD Identifier links just below the certificate section.

3. Now, open your Jotform SSO settings page in a new tab and enter the details in the Identity Provider Metadata fields.

The value to use for each field is as follows:

• Entity ID — Use your Azure AD Identifier.
• SSO URL — Use your Azure AD Login URL.
• Certificate — Use your Azure AD Certificate (Base64) file’s content.
  Note: To view the certificate, open it with a text editor (i.e., Notepad, TextEdit).

4. Go back to your Azure AD SAML app page and assign your app to a user or group.

5. Finally, go back to your Jotform SSO settings page and save your configuration.