ToolJet/docs/versioned_docs/version-3.16.0-LTS/user-management/sso/saml/entra-id.md

---
id: entra-id
title: Microsoft Entra ID
---

Microsoft Entra ID can be configured as the Identity Provider for SAML, which is an authentication protocol that securely verifies user identities through a trusted provider. This document explains how to obtain the required credentials from the Azure Developer Portal. Refer to the [SAML Setup guide](/docs/user-management/sso/saml/setup) to configure SAML in your application.

## Generating Metadata

1. Sign in to Azure Developer Portal. Navigate to Enterprise applications and create a new application.

2. Open the application and go to **Manage > Single sign-on > SAML**.
    <img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/add_application.png" alt="Entra ID: Create Application"/>

3. Under SAML Certificates, copy the App Federation Metadata URL. Open this URL in a new tab and copy the XML content.

4. In ToolJet, navigate to **Workspace settings > Workspace login > SAML**. Paste the XML into Identity provider metadata and click **Save changes**. Copy the generated Redirect URL.
    <img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/tooljet_saml_configuration.png" alt="Entra ID: ToolJet SAML Configuration"/>

5. Return to the Azure Developer Portal. Go to **Manage > Single sign-on**, edit **Basic SAML Configuration**, and paste the Redirect URL into both **Identifier (Entity ID)** and **Reply URL (Assertion Consumer Service URL)**. Click **Save**.
    <img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/azure_saml_configuration.png" alt="Entra ID: Azure SAML Configuration"/>

6. Edit **Attributes & Claims** and rename the **emailaddress** claim to **email**.

Once these steps are completed, users should be able to sign in to ToolJet using Microsoft Entra ID via SAML without any additional configuration.

   <img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/sign_in_page.png" alt="Sign-In Page"/>

## Configure Group Sync using Microsoft Entra ID

:::note
Group Sync with Microsoft Entra ID via SAML is supported only on self-hosted ToolJet instances.
:::

To configure, group sync with Microsoft Entra ID SAML, follow these steps:

1. Set the following environment variable in your ToolJet deployment:
```js
    TJ_SAML_GROUP_MAPPINGS__<tooljet-workspace-slug> = '{"<azure-group-object-id>": "tooljet-group-name"}'
```

2. To obtain the Azure group Object ID, sign in to the Azure Developer Portal and navigate to Groups > All groups. Select the group you want to map and copy its Object ID.
    <img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/group_object_id.png" alt="Entra ID: Azure Group Object ID"/>

3. In your ToolJet application, go to **Workspace settings > Workspace login > SAML** and enable **Group sync**.

4. In the Group attribute field, enter `groups`.
    <img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/enable_group_sync.png" alt="Entra ID: Enable Group Sync"/>

Once configured, ToolJet will automatically sync user groups from Microsoft Entra ID based on the defined mappings.
[docs]: Add docs for configuring SAML usign Microsoft Entra ID 2025-12-19 18:00:22 +00:00			`---`
			`id: entra-id`
			`title: Microsoft Entra ID`
			`---`

			`Microsoft Entra ID can be configured as the Identity Provider for SAML, which is an authentication protocol that securely verifies user identities through a trusted provider. This document explains how to obtain the required credentials from the Azure Developer Portal. Refer to the [SAML Setup guide](/docs/user-management/sso/saml/setup) to configure SAML in your application.`

			`## Generating Metadata`

			`1. Sign in to Azure Developer Portal. Navigate to Enterprise applications and create a new application.`

			`2. Open the application and go to Manage > Single sign-on > SAML.`
[docs]: Updated img classes and sidebar order 2026-01-09 08:51:56 +00:00			`<img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/add_application.png" alt="Entra ID: Create Application"/>`
[docs]: Add docs for configuring SAML usign Microsoft Entra ID 2025-12-19 18:00:22 +00:00
			`3. Under SAML Certificates, copy the App Federation Metadata URL. Open this URL in a new tab and copy the XML content.`

			`4. In ToolJet, navigate to Workspace settings > Workspace login > SAML. Paste the XML into Identity provider metadata and click Save changes. Copy the generated Redirect URL.`
[docs]: Updated img classes and sidebar order 2026-01-09 08:51:56 +00:00			`<img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/tooljet_saml_configuration.png" alt="Entra ID: ToolJet SAML Configuration"/>`
[docs]: Add docs for configuring SAML usign Microsoft Entra ID 2025-12-19 18:00:22 +00:00
			`5. Return to the Azure Developer Portal. Go to Manage > Single sign-on, edit Basic SAML Configuration, and paste the Redirect URL into both Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL). Click Save.`
[docs]: Updated img classes and sidebar order 2026-01-09 08:51:56 +00:00			`<img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/azure_saml_configuration.png" alt="Entra ID: Azure SAML Configuration"/>`
[docs]: Add docs for configuring SAML usign Microsoft Entra ID 2025-12-19 18:00:22 +00:00
			`6. Edit Attributes & Claims and rename the emailaddress claim to email.`

			`Once these steps are completed, users should be able to sign in to ToolJet using Microsoft Entra ID via SAML without any additional configuration.`

[docs]: Updated img classes and sidebar order 2026-01-09 08:51:56 +00:00			`<img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/sign_in_page.png" alt="Sign-In Page"/>`
[docs]: Changes in auth0 docs as per doc review call 2026-01-08 14:17:11 +00:00
[docs]: Add docs for configuring SAML usign Microsoft Entra ID 2025-12-19 18:00:22 +00:00			`## Configure Group Sync using Microsoft Entra ID`

			`:::note`
			`Group Sync with Microsoft Entra ID via SAML is supported only on self-hosted ToolJet instances.`
			`:::`

			`To configure, group sync with Microsoft Entra ID SAML, follow these steps:`

			`1. Set the following environment variable in your ToolJet deployment:`
			```js
			`TJ_SAML_GROUP_MAPPINGS__<tooljet-workspace-slug> = '{"<azure-group-object-id>": "tooljet-group-name"}'`
			```

			`2. To obtain the Azure group Object ID, sign in to the Azure Developer Portal and navigate to Groups > All groups. Select the group you want to map and copy its Object ID.`
[docs]: Updated img classes and sidebar order 2026-01-09 08:51:56 +00:00			`<img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/group_object_id.png" alt="Entra ID: Azure Group Object ID"/>`
[docs]: Add docs for configuring SAML usign Microsoft Entra ID 2025-12-19 18:00:22 +00:00
			`3. In your ToolJet application, go to Workspace settings > Workspace login > SAML and enable Group sync.`

			4. In the Group attribute field, enter `groups`.
[docs]: Updated img classes and sidebar order 2026-01-09 08:51:56 +00:00			`<img className="screenshot-full img-full" src="/img/user-management/sso/saml/entra-id/enable_group_sync.png" alt="Entra ID: Enable Group Sync"/>`
[docs]: Add docs for configuring SAML usign Microsoft Entra ID 2025-12-19 18:00:22 +00:00
			`Once configured, ToolJet will automatically sync user groups from Microsoft Entra ID based on the defined mappings.`