Start NowBlogsWatch NowContact Us

Connecting Entra ID to Mobb

This guide explains how to integrate Microsoft Entra ID (formerly Azure Active Directory) with Mobb via SAML so your users can sign in with SSO.

Prerequisites

  • Admin access to the Microsoft Entra Admin Center.

  • Permission to assign users/groups to Enterprise Applications.

  • Ability to share configuration details (URLs, certificate, and email domains) with Mobb.

Step 1 — Create an Enterprise Application

  1. Sign in to Entra Admin Center.

  2. Go to Identity → Applications → Enterprise applications.

  3. Click + New application → Create your own application.

  4. Enter a name (e.g., Mobb SSO) and choose Integrate any other application you don’t find in the gallery (Non-gallery).

  5. Create the app, then open it → Single sign-on → choose SAML.

You’ll land on the Set up Single Sign-On with SAML page.

Step 2 — Configure SAML (Basic SAML Configuration)

First, define an application name that will represent this SAML configuration using the following naming convention:

YOUR_APP_NAME: Mobb-<YOUR_COMPANY_NAME>

For example, if your company name is XYZ, YOUR_APP_NAME will be Mobb-XYZ

Fill in the following values:

  • Identifier (Entity ID)

    urn:auth0:mobb-prod:<YOUR_APP_NAME>

  • Reply URL (Assertion Consumer Service URL)

    https://auth.mobb.ai/login/callback?connection=<YOUR_APP_NAME>

Replace <YOUR_APP_NAME> with the exact connection name you intend to use (no spaces recommended).

Keep Name ID format as the default (usually Unspecified or Persistent). Mobb will map claims explicitly in Auth0.

Step 3 — Assign Users and Groups

In the Enterprise Application:

  1. Go to Users and groups.

  2. Assign the users and/or groups who should be able to access Mobb.

Only assigned users will be able to sign in via SSO.

Step 4 — Export and Collect Details for Mobb

From the Single sign-on blade, collect:

  • Application name: <YOUR_APP_NAME>

  • Certificate (Base64): Download the Base64 certificate (not DER).

  • Login URL (a.k.a. SAML Single Sign-On Service URL)

  • Logout URL (Front-channel or SAML logout URL, if configured)

  • Customer’s Email Domain(s): e.g., yourcompany.com, subsidiary.co

Mobb uses your domains to route users to the correct identity provider at login.

Step 5 — Send the Details to Mobb

Open a ticket at Mobb Support Portal with subject:

Entra ID SSO Onboarding

Include:

  • Your application name (<YOUR_APP_NAME>)

  • Login URL

  • Logout URL

  • Base64 certificate

  • Company email domain(s)

Your Mobb support representative will contact you once the configuration is complete and is ready for testing.

Step 6 — Test SSO

  • From Entra: use Single sign-on → Test to validate claims issuance.

  • From Mobb: visit app.mobb.ai, start login, and enter an email from one of your approved domains. You should be redirected to Microsoft sign-in and, after successful auth, back to Mobb.

Troubleshooting

  • User not assigned: Ensure the user or their group is assigned to the Enterprise Application.

  • Domain not recognized: Confirm your company email domain(s) were provided to Mobb and added to the connection.

  • Certificate errors: Verify you sent the Base64 certificate and it hasn’t expired.

  • NameID / claims mismatch: The mapping on Mobb’s side assumes the nameidentifier claim is present. If your tenancy emits a different primary identifier, let us know.

  • Case sensitivity: Emails are normalized to lowercase by Mobb’s mapping; ensure downstream policies allow that.

Summary

  1. Create a Non-gallery Entra Enterprise Application using SAML.

  2. Set Entity ID and Reply URL with your <YOUR_APP_NAME>.

  3. Assign users/groups.

  4. Send Mobb the Login URL, Logout URL, Base64 certificate, app name, and email domains.

  5. Mobb completes Auth0 configuration and confirms readiness.

  6. Test SSO from Entra and from Mobb.

PreviousConnecting Okta to MobbNextSAML Single Sign-On Flow

Last updated

Was this helpful?