UAEPass with OpenID Connect Directory Manager isn't any different from using Okta, Google, or any other provider. 

To download this plugin, go to Joget Marketplace - UAE Pass Directory Manager Plugin.

Plugin Information

Plugins Available in the Bundle:

  1. OpenID Connect Directory Manager for UAEPass

This plugin bundle is compatible with Joget DX7 and onwards.

Expected Outcome

Below is the flow of how it would be if you have successfully implemented it. With clicking the login, you will be redirected to the next image.

Figure 1: Login screen

Figure 2: Additional Login page using OpenID Directory manager with UAEPass

Upon successfully logging in with your registered ID, email, or phone you will be getting a push notification on your UAE Pass mobile application to confirm your identity.

Figure 3: Push Notification in mobile

After confirming it with your mobile app you are in.

Get Started

Prerequisites / Assumptions

1. UAE Pass Account

Above are the things a company needs to have in order to achieve the above flow. First, a company needs to submit appropriate documents to the government for onboarding. Second, they need to have the necessary information and even an account with UAE Pass. Finally, they need to have the UAE Pass mobile application on their mobile device.

But for this tutorial, we only will be using the staging credential and staging app.
Below is the necessary stuff if you want to follow along.

So that is all the necessary stuff that you would need and below is the configuration.

2. API Domain/IP Whitelist

To ensure the successful operation of this plugin, it is essential to whitelist the domains or IP addresses of the host. Typically, this involves adding the IP address or domain name of your Joget application server to the whitelist. To access this section of Joget, go to Settings → General Settings and scroll down till you see API Domain/IP Whitelist section.

Figure 4: API Domain/IP Whitelist

API Domain Whitelist (Separated by ';')

Domain whitelist to allow API calls to Joget Workflow. Separated by semicolon.


"localhost;;”, or "*" to allow from everywhere.

In a production environment, do not use "*".

Doing so will allow anyone to call all JSON APIs from the Joget server.

API IP Whitelist (Separated by ';')

IP address whitelist to allow API calls to Joget. Separated by semicolon.


"localhost;;; ”, or "*" to allow from everywhere.

In a production environment, do not use "*".

Doing so will allow anyone to call all JSON APIs from the Joget server.

3. Licensed Users

Please review the Licensed Users in the License section of Joget. If you surpass the allowed user limit, you won't be able to log in to Joget following the Single Sign-On (SSO) process.

Figure 5: Licensed Users


In System Settings, select the Directory Manager Settings.

Select the OpenID Connect Directory Manager - 7.0.0 plugin in the dropdown menu.

Figure 6: System Settings Directory Manager Settings

Click on select and the plugin configuration screen will be shown. We will now fill in the plugin configurations.

Figure 7: Plugin Configurations

So if you already chose the UAEPass issuer in your OpenID connection, you could insert the endpoints and the testing credentials that have been given before.
And you would need the response types supported scope and state that is left blank. The last part would be tricky but not that hard.
To find the scope, state, and response types supported would be here.

We are going to dissect the URL. Below is the full URL (it is an image). We just need to copy the response_type, scope, and state(the highlighted ones) values.

Figure 8: Authentication URL

The last URL you need for the validation would be here. Take the Token endpoint and fill it up token validation endpoint and we are good to go.

After filling all up your form will look like the image below

Figure 9: Plugin Configurations filling completed

And you have come to an end to this tutorial. That would be all. Feel free to try it out and comment if you need help with anything.

OpenID Connect Directory Manager Properties





Authorization Token Endpoint

Token Endpoint

Token Validation

User Info Endpoint

Response Type Supported


Client ID


Client Secret






  • No labels