SSO with Microsoft Entra ID

Overview

This article introduces Kintone's integration with Microsoft Entra ID (formerly Azure AD), a cloud service for identity and access management.

What is Microsoft Entra ID?

Microsoft Entra ID is a cloud service for identity and access management that enables secure access to various applications and Microsoft products.
Customers who want to use both Office 365 and Kintone can do so by using the functions of Entra ID. Entra ID is not only closely integrated with Microsoft products, it also has the following advantages:

  • Unified management of cloud authentication for both on-premises and cloud services
  • No need to operate an authentication server yourself
  • Integration with other services on the Microsoft Azure Marketplace

Synchronize Entra ID and log in to Kintone

Use Entra ID as the identity provider to log in to Kintone. By doing so, Kintone can share a single sign-on (SSO) environment with other services such as Google Workspace, Salesforce and Office 365, and can use multi-factor authentication (two-factor authentication). Details regarding SAML authentication on Kintone can be found on the Setting Up Single Sign-On (SSO) with SAML (External link) page of the Kintone Help site.

Configure federation with Entra ID

Select Kintone from the Microsoft Entra Gallery and enter Kintone's address in the settings. On Kintone's administration screen, enable the SAML settings and enter the information for the Entra ID sign-in page. Details of the setting procedure can be found on the Tutorial: Microsoft Entra ID integration with Kintone (External link) page of the Microsoft website.

Test the SSO

After completing the settings, close all browsers and try accessing Kintone through the browser. The Entra ID login screen should be displayed instead of Kintone's login screen.
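As an added example (not Kintone's or Microsoft's own code), the following Python script decodes the SAML redirect that the browser receives during this test and checks that it points at the Entra ID sign-on endpoint entered in Kintone's SAML settings. The tenant id and the Kintone URL are placeholder assumptions, and the sample redirect is constructed in the script.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Assumed values: the Entra ID SAML sign-on endpoint entered in Kintone's
# SAML settings (placeholder tenant id) and the Kintone URL (placeholder).
EXPECTED_IDP_LOGIN = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"
EXPECTED_ISSUER = "https://example.kintone.com"


def decode_redirect_request(location):
    """Decode the SAMLRequest carried in a SAML HTTP-Redirect binding URL.

    The binding deflates the AuthnRequest XML, base64-encodes it and puts it in
    the query string; this reverses those steps and returns (endpoint, xml root).
    """
    parsed = urllib.parse.urlsplit(location)
    query = urllib.parse.parse_qs(parsed.query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # raw DEFLATE stream, no zlib header
    endpoint = urllib.parse.urlunsplit(parsed[:3] + ("", ""))
    return endpoint, ET.fromstring(xml)


def check_sso_redirect(location):
    """Return a list of problems found; an empty list means the redirect looks right."""
    endpoint, root = decode_redirect_request(location)
    problems = []
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        problems.append("not an AuthnRequest")
    if endpoint != EXPECTED_IDP_LOGIN:
        problems.append(f"unexpected IdP endpoint {endpoint}")
    if root.get("Destination") != EXPECTED_IDP_LOGIN:
        problems.append("Destination attribute does not match IdP endpoint")
    issuer = root.find(f"{{{SAML}}}Issuer")
    if issuer is None or issuer.text != EXPECTED_ISSUER:
        problems.append("Issuer is not the expected Kintone URL")
    return problems


def build_sample_redirect(destination=EXPECTED_IDP_LOGIN, issuer=EXPECTED_ISSUER):
    """Construct a redirect URL shaped like the one the browser receives (sample data)."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_sample1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
           f'Destination="{destination}">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urllib.parse.urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return f"{destination}?{query}"
```

To check a real redirect, copy the Location header (or the URL the browser lands on) from the browser's developer tools and pass it to `check_sso_redirect`.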

Synchronize On-premises Active Directory and Log in to Kintone

If federation with your on-premises Active Directory (a Windows Server inside your company) is added to the configuration above, it is possible to log in to Kintone with the company's domain account (Windows login account). Single sign-on with other applications such as Google Workspace is also possible.

Configure Entra ID and AD (Windows Server environment) federation

Building on the settings above, the Entra ID tenant that is federated with Kintone can in turn be federated with Active Directory on your Windows Server. To set up the federation, first install Active Directory Federation Services (AD FS) and the Web Application Proxy. When that setup is complete, use Windows PowerShell to establish a trust relationship between Entra ID and AD FS (the two sides exchange federation metadata, including certificates). Finally, synchronize the Active Directory information available inside the company (such as users) to Entra ID.
Details on how to integrate on-premises directories with Microsoft Entra ID can be found in the What is federation with Entra ID? (External link) article on the Microsoft Help website.

Test the SSO

After completing the settings, close all browsers and try accessing Kintone. An Entra ID login screen specific to your company (shown below) will be displayed. Logging in on this page also logs the user in to Kintone. Users who are logged in to the company's Windows environment (domain) and use Microsoft Edge will not see the login screen; single sign-on (SSO) is performed for them.
