Set Up Azure AD (Microsoft Entra ID) SSO for JustCall

Manage my account4 min readUpdated 2026-03-12

Set Up Azure AD (Microsoft Entra ID) SSO for JustCall

Connect JustCall to Microsoft Entra ID (formerly Azure Active Directory) so your team can log in with their Microsoft credentials. This guide covers SAML configuration and optional user provisioning. SSO is available on the Business plan.

Prerequisites

  • JustCall Business plan
  • Microsoft Entra ID admin access (Global Administrator or Application Administrator role)
  • A verified email domain in JustCall

Step 1: Enable SSO in JustCall

  1. Go to Settings → Security → Single Sign-On in JustCall.
  2. Click Enable SSO and select SAML 2.0.
  3. Copy the ACS URL and Entity ID values.

Step 2: Create an Enterprise Application in Entra ID

  1. Log into the Microsoft Entra admin center.
  2. Go to Identity → Applications → Enterprise applications.
  3. Click New application → Create your own application.
  4. Name the app JustCall and select Integrate any other application you don't find in the gallery (Non-gallery).
  5. Click Create.

Step 3: Configure SAML SSO

  1. In the JustCall enterprise application, go to Single sign-on → SAML.

  2. Edit Basic SAML Configuration:

    • Identifier (Entity ID): Paste the Entity ID from JustCall
    • Reply URL (ACS URL): Paste the ACS URL from JustCall
    • Sign on URL: https://app.justcall.io/login

  3. Click Save.

  4. Edit Attributes & Claims:

    Claim NameSource Attribute
    emailuser.mail
    firstNameuser.givenname
    lastNameuser.surname

  5. Under SAML Certificates, download Certificate (Base64).

  6. Under Set up JustCall, copy:

    • Login URL (SSO URL)
    • Azure AD Identifier (Issuer)

Step 4: Complete Configuration in JustCall

  1. Return to Settings → Security → Single Sign-On in JustCall.
  2. Enter:
    • SSO URL: Paste the Login URL from Entra ID
    • Issuer / Entity ID: Paste the Azure AD Identifier
    • Certificate: Upload the Base64 certificate
  3. Set the Default Role for new SSO users.
  4. Click Save Configuration.
  5. Click Test Connection to validate.

Step 5: Assign Users and Groups

  1. In the Entra admin center, go to your JustCall enterprise application.
  2. Click Users and groups → Add user/group.
  3. Select the users or security groups that should have access to JustCall.
  4. Click Assign.

Only assigned users can log in via SSO. Unassigned users see an "access denied" error.

Optional: User Provisioning (SCIM)

If you want users automatically created and deactivated in JustCall based on Entra ID group membership:

  1. In the JustCall enterprise application, go to Provisioning.
  2. Set Provisioning Mode to Automatic.
  3. Enter the Tenant URL and Secret Token from JustCall (found under Settings → Security → Provisioning).
  4. Click Test Connection, then Save.
  5. Map attributes: userName → email, givenName → firstName, familyName → lastName.
  6. Set the provisioning scope (sync assigned users only or all users).
  7. Turn provisioning On.

Provisioning syncs every 40 minutes. New Entra ID users are created in JustCall automatically. Disabled Entra ID users are deactivated in JustCall.

Troubleshooting

IssueSolution
"AADSTS50011" redirect errorVerify the Reply URL in Entra ID matches the ACS URL in JustCall exactly.
Claims not receivedEnsure attribute mappings use the correct source attributes (user.mail, not user.userprincipalname, unless UPN matches email).
Provisioning failuresCheck the provisioning logs in Entra ID for specific attribute errors.

Related Articles

Was this helpful?
New vs Legacy PlansSet Up Google Workspace SSO for JustCall

Related Articles

JustCall Affiliate Program
Manage my account2 min read
How to Join the JustCall Affiliate Program
Manage my account2 min read
Track Referrals and Payouts
Manage my account2 min read