
How to Set Up SAML 2.0 Single Sign-On (SSO) with Mojob and Microsoft Entra ID

Learn how to set up SAML-based Single Sign-On (SSO) between Mojob and Microsoft Entra ID

Written by Tetiana

This guide covers both the Mojob setup and the Azure setup, so you can complete the integration from start to finish.

Prerequisites

Before starting, make sure you have:

  • Access to your Mojob Business account.

  • Admin rights in your Microsoft Entra ID (Azure AD) portal.

Part 1 – Configure SAML in Mojob

  1. Log in to Mojob Business
    https://business.mojob.io

  2. Open the Integrations tab

    • Go to Settings → Integrations.

    • Under Authentication, find SAML Single Sign-On (SSO).

    • Click Add (or edit an existing configuration).

  3. Copy Mojob SAML values
    You’ll need these for the Azure setup later:

    • Audience URI (SP Entity ID)

    • Reply URL (Assertion Consumer Service URL)

    • Login URL (Single Sign-On Service URL)

    • Logout URL (Single Logout Service URL)

  4. Complete Mojob setup fields

    • Name → Display name for this SSO connection.

    • Provider ID & Client ID → Auto-generated by Mojob.

    • Domains → Enter your company email domain(s) (e.g., company.com).
      ⚠ Domains determine which login emails route to this SSO provider.

    • Identity Provider Issuer → copy from Azure AD.

    • App Federation Metadata URL → copy from Azure AD.

  5. (Optional) Advanced settings → adjust attribute mappings here
    Mojob uses these defaults:

    Update only if your IdP uses different attributes.


Part 2 – Configure SAML in Microsoft Entra ID

  1. Log in to the Azure Portal
    https://portal.azure.com

  2. Create a new Enterprise Application

    • Go to Microsoft Entra ID → Enterprise Applications.

    • Click New application → Create your own application.

    • Choose Non-gallery application.

    • Name it (e.g., Mojob SSO).

  3. Assign users or groups

    • Open Users and groups in the application menu.

    • Click Add user/group.

    • Assign the users or groups who should log in to Mojob.
      ⚠ If you skip this, no one will be able to access Mojob via SSO.

  4. Configure SAML-based SSO

    • Select Single sign-on → SAML.

    • Fill in:

      • Identifier (Entity ID) → Mojob’s Audience URI.

      • Reply URL → Mojob’s Reply URL.

      • Login URL → Mojob’s Login URL.

      • Logout URL → Mojob’s Logout URL.

  5. Set user attributes & claims
    Ensure these claims are configured:

    • emailaddress → User’s email

    • givenname → User’s first name

    • surname → User’s last name

  6. Copy certificate details

    • Copy the App Federation Metadata URL.

    • Copy the Azure AD Identifier (Identity Provider Issuer).

  7. Complete Mojob configuration

    • Return to Mojob’s SAML setup screen.

    • Paste in the Identity Provider Issuer and App Federation Metadata URL from Azure.

    • Double-check your Domains field.


Part 3 – Test the SSO Login

  1. Click Continue with SSO.

  2. Enter your full work email address.

    • Mojob will detect the SSO provider based on the domain.

  3. You’ll be redirected to Microsoft Entra ID to log in.
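
If the test login fails, the usual cause is a value that does not match between the two sides. The following is an added troubleshooting example, not Mojob or Microsoft code: it compares a decoded assertion from the test login against the Identity Provider Issuer, Audience URI, claims and Domains from Parts 1 and 2. The function name, the sample assertion and all URLs are constructed placeholders, and the claim URIs assume Entra ID's default claim namespace. It checks configuration values only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # assumed Entra default
REQUIRED = ("emailaddress", "givenname", "surname")

# Constructed sample assertion; every value is a placeholder. The surname claim is left out.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example/placeholder-issuer</saml:Issuer>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example/placeholder-audience</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{c}emailaddress">
      <saml:AttributeValue>ada@company.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{c}givenname">
      <saml:AttributeValue>Ada</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>""".format(c=CLAIMS)

def check_assertion(xml_text, issuer, audience, domains):
    """Return a list of configuration problems; an empty list means the values line up."""
    root = ET.fromstring(xml_text)  # expects the <Assertion> element as the root
    problems = []
    if root.findtext("saml:Issuer", "", NS).strip() != issuer:
        problems.append("issuer mismatch")
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if audience not in audiences:
        problems.append("audience mismatch")
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        attrs[a.get("Name", "")] = a.findtext("saml:AttributeValue", "", NS).strip()
    for name in REQUIRED:
        if not attrs.get(CLAIMS + name):
            problems.append("missing claim: " + name)
    email = attrs.get(CLAIMS + "emailaddress", "")
    domain = email.rpartition("@")[2].lower()
    if email and domain not in {d.lower() for d in domains}:
        problems.append("email domain not in Domains: " + domain)
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "https://idp.example/placeholder-issuer",
                          "https://sp.example/placeholder-audience", ["company.com"]))
```
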


Part 4 – User Approval Flow

  1. On first login, users will see “Access is pending”.

  2. A unit administrator will receive an email and in-app notification to approve them:

    • Go to Settings → Team to approve pending access requests.

    • Approve the pending user by assigning them a Unit and Role.

  3. Once access is granted, the user will receive a confirmation email. By clicking the link in that email, they’ll be taken directly to their Mojob account.


Part 5 – View SAML Connection in Profile

Once approved:

  • Go to Profile → Authentication.

  • Your SAML connection will appear under Connected Accounts.

  • Click Disconnect to remove your SAML SSO connection. A password must be set in your Profile before doing this.
