Azure AD SSO Integration with Mendix App

Add Azure AD SSO to your Mendix App

Stella Davies
Published in Mendix Community
Oct 29, 2021

In this blog, I will explain just what SSO is, how it works and guide you through the steps of integrating Azure AD with a Mendix app to achieve this SSO mechanism.

As users, we prefer not to have to remember separate credentials for every application we access. That is where SSO comes in: it removes the burden of remembering a different set of credentials for each app.

Here is how I define SSO –

SSO stands for Single Sign-On, which allows users to access multiple services with a single set of credentials.

Here, we are going to look at integrating Azure AD with a Mendix app so that the app offers SSO to its users.

If you are curious to know more about SSO, look at the following figure:

Here is the process involved:

1. When a user tries to access the application, it creates a SAML request and sends it to the Identity Provider (IdP), e.g. Azure Active Directory.

2. The IdP verifies the user and returns a SAML response.

3. The Mendix application verifies the SAML response and allows the user to log in to the application. The authentication mechanism is shown in the figure above.

Below, I will configure the Identity Provider and Service Provider information in the Mendix application with the help of the SAML module, to achieve the above process in a Mendix application.

Simply follow these steps to use this in your app.

To start the integration process, we need an account with access to Azure Active Directory. Create a developer account with full admin access through the Microsoft 365 Developer Program membership.

Click here https://developer.microsoft.com/en-us/microsoft-365/dev-program to set up a new Microsoft 365 E5 Subscription.

To authenticate the user in the Mendix application against Azure AD, we need to do a basic setup in the Azure AD administration Console as well as in the Mendix application.


Basic Setup Steps to be done in Azure AD

Step 1: Log in to https://portal.azure.com/ with a developer account and open Azure Active Directory Overview.

Step 2: Click Enterprise Applications from the menu and click create own application.

Step 3: Click the set up single sign-on option and select SAML from the single sign-on method.

Step 4: Enter the sandbox URL in the Basic SAML Configuration section, and don’t forget to copy the App Federation Metadata URL.

For Example:

Identifier: https://yourappname-sandbox.mxapps.io/

Reply URL: https://yourappname-sandbox.mxapps.io/SSO/

Step 5: Click Users and groups to grant users access to this enterprise application. Click the Add user button and select the user as shown below.

Basic Setup Steps in Mendix Application

Step 1: Create a new Mendix application and download the SAML module and the MxModelReflection module. Don’t forget to map the SAML startup microflow under the runtime settings.

Step 2: Call SAML Configuration from the navigation and enter the SP configuration details. Copy the URL of the application and paste it into the Organization URL. Then update the details of the organization and contact person and save.

Step 3: Click the New button to enter IDP details under IDP Configuration. Paste the App Federation Metadata URL in the URL field and then click Next.

Step 4: Select “Allow IdP Initiated Authentication” and then select “Use Name ID” as an assertion type as shown below.

Step 5: Select the account entity and its corresponding attribute.

Step 6: In the user provisioning section, select Yes to create users and map the user role.

Step 7: In the Just-In-Time Provisioning section, add the 2 claims below by clicking New and then Search, as shown below.

1. Claim 1

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

Name format: string

Friendly name: Email

2. Claim 2

Name: http://schemas.microsoft.com/identity/claims/displayname

Name format: string

Friendly name: DisplayName

Step 8: Create the above claims as described and map the attributes as shown below:

Step 9: Click save and then click toggle active to make the new IDP config active.

Step 10: The user can now open the SSO login URL https://{yourappname}-sandbox.mxapps.io/SSO/ and log in using their Azure AD credentials.
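To make step 3 of the SSO flow and the claim mapping of steps 7 and 8 concrete, here is an added example (my own illustration, not code from the Mendix SAML module) of the assertion-level checks a Service Provider performs on the IdP's response before provisioning a user: validity window, Audience against the Identifier, Recipient against the Reply URL, and extraction of NameID plus the two claims. It assumes the XML signature has already been verified by the SAML module, and uses a constructed, unsigned response with the placeholder app name "yourappname".

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from the SP configuration above; "yourappname" is a placeholder app name.
SP_ENTITY_ID = "https://yourappname-sandbox.mxapps.io/"     # Identifier
SP_ACS_URL = "https://yourappname-sandbox.mxapps.io/SSO/"   # Reply URL
CLAIM_EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
CLAIM_DISPLAYNAME = "http://schemas.microsoft.com/identity/claims/displayname"

# Constructed, unsigned sample response for a fictitious user (not a real Azure AD capture).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:Subject><saml:NameID>jane.doe@contoso.example</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="https://yourappname-sandbox.mxapps.io/SSO/"/>
  </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions NotBefore="2021-10-29T09:55:00Z" NotOnOrAfter="2021-10-29T10:05:00Z">
  <saml:AudienceRestriction><saml:Audience>https://yourappname-sandbox.mxapps.io/</saml:Audience></saml:AudienceRestriction>
 </saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
   <saml:AttributeValue>jane.doe@contoso.example</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
   <saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_assertion(xml_text, now):
    """Assertion-level checks; assumes the XML signature was already verified upstream."""
    assertion = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if assertion is None:
        return False, "no assertion", None
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter"))):
        return False, "outside validity window", None
    if SP_ENTITY_ID not in [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        return False, "audience mismatch", None
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != SP_ACS_URL:
        return False, "recipient mismatch", None
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    # These three values are what the JIT provisioning step maps onto the Account entity.
    user = {"name_id": assertion.findtext("saml:Subject/saml:NameID", namespaces=NS),
            "email": attrs.get(CLAIM_EMAIL), "display_name": attrs.get(CLAIM_DISPLAYNAME)}
    return True, "ok", user
```

A response that passes these checks but was issued for a different Identifier or Reply URL is rejected, which is why the values entered in Azure AD (step 4) and in the SP configuration (step 2) must match exactly.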

Final thoughts

I hope this article was insightful and helpful. I would love to hear your thoughts, suggestions, and questions in the comment section.

I will see you in the next article — Bye!!!

Associate Project Manager (Mendix Expert Developer) @ Indium Software with extensive experience in both Java programming and Mendix Application Development.