This guide covers both the Mojob setup and the Azure setup, so you can complete the integration from start to finish.
Prerequisites
Before starting, make sure you have:
Access to your Mojob Business account.
Admin rights in your Microsoft Entra ID (Azure AD) portal.
Part 1 – Configure SAML in Mojob
Log in to Mojob Business
→ https://business.mojob.ioOpen the Integrations tab
Go to Settings → Integrations.
Under Authentication, find SAML Single Sign-On (SSO).
Click Add (or edit an existing configuration).
Copy Mojob SAML values
You’ll need these for the Azure setup later:Audience URI (SP Entity ID)
Reply URL (Assertion Consumer Service URL)
Login URL (Single Sign-On Service URL)
Logout URL (Single Logout Service URL)
Complete Mojob setup fields
Name → Display name for this SSO connection.
Provider ID & Client ID → Auto-generated by Mojob.
Domains → Enter your company email domain(s) (e.g.,
company.com).
⚠ Domains determine which login emails route to this SSO provider.Identity Provider Issuer → copy from Azure AD.
App Federation Metadata URL → copy from Azure AD.
(Optional) Advanced settings -> adjust attribute mappings here
Mojob uses these defaults:Email →
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressFirst Name →
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennameLast Name →
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Update only if your IdP uses different attributes.
Part 2 – Configure SAML in Microsoft Entra ID
Log in to the Azure Portal
→ https://portal.azure.comCreate a new Enterprise Application
Go to Microsoft Entra ID → Enterprise Applications.
Click New application → Create your own application.
Choose Non-gallery application.
Name it (e.g., Mojob SSO).
Assign users or groups
Open Users and groups in the application menu.
Click Add user/group.
Assign the users or groups who should log in to Mojob.
⚠ If you skip this, no one will be able to access Mojob via SSO.
Configure SAML-based SSO
Select Single sign-on → SAML.
Fill in:
Identifier (Entity ID) → Mojob’s Audience URI.
Reply URL → Mojob’s Reply URL.
Login URL → Mojob’s Login URL.
Logout URL → Mojob’s Logout URL.
Set user attributes & claims
Ensure these claims are configured:emailaddress→ User’s emailgivenname→ User’s first namesurname→ User’s last name
[Screenshot placeholder]
Copy certificate details
Copy the App Federation Metadata URL.
Copy the Azure AD Identifier (Identity Provider Issuer).
Complete Mojob configuration
Return to Mojob’s SAML setup screen.
Paste in the Identity Provider Issuer and App Federation Metadata URL from Azure.
Double-check your Domains field.
Part 3 – Test the SSO Login
Go to https://business.mojob.io.
Click Continue with SSO.
Enter your full work email address.
Mojob will detect the SSO provider based on the domain.
You’ll be redirected to Microsoft Entra ID to log in.
Part 4 – User Approval Flow
On first login, users will see “Access is pending”.
A unit administrator will receive an email and in-app notification to approve them:
Go to Settings → Team to approve pending access request
Approve the pending user by assigning them a Unit and Role.
Once access is granted, the user will receive a confirmation email. By clicking the link in that email, they’ll be taken directly to their Mojob account.
Part 5 – View SAML Connection in Profile
Once approved:
Go to Profile → Authentication.
Your SAML connection will appear under Connected Accounts.
click Disconnect to remove your SAML SSO connection. A password must be set in your Profile before doing this.
