Single sign-on (SSO) is a session and user authentication service that permits your employees to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the user for all the applications the user has rights to, and eliminates further prompts when the user switches applications during the same session. On the backend, SSO is helpful for logging user activities as well as monitoring user accounts.

The benefits of using single sign-on include: 

  • Mitigate risk for access to 3rd-party sites (user passwords not stored or managed externally) 
  • Reduce password fatigue from different user name and password combinations 
  • Reduce time spent re-entering passwords for the same identity 
  • Reduce IT costs due to lower number of IT help desk calls about passwords 
  • SSO shares centralized authentication servers that all other applications and systems use for authentication purposes and combines this with techniques to ensure that users do not have to actively enter their credentials more than once

If your organisation is using an SSO service, you can connect bob to it very easily.
Go to Settings > Integrations > Single Sign On

NOTE: For any SSO integration to work the employee email set in bob must match exactly the email as defined by the SSO provider.

Google SSO

  1. Login to bob as an Admin. Go to : Settings > Integrations > Single Sign-on
  2. Enable Google (don’t worry it will not be enabled yet)
  3. Enter your Google domain (e.g. mydomain.com) and press SAVE

 Users will now be able to login using their google account credentials.

Azure Active Directory

  1. Login to bob as an Admin. Go to : Settings > Integrations > Single Sign-on
  2. Enable Azure and click SAVE
  3. Once enabled, the Azure Admin will need to login to bob using Azure and grant consent to all employees logging in to bob using Azure. 

To grant consent to all employees:

  1. Go to app.hibob.com 
  2. In the login screen, select Connect with Microsoft.
  3. Enter the Azure Admin email and click login (Note: the Azure Admin does not need to be an employee in bob).
  4. Under the Permissions requested page, make sure to mark Consent on behalf of your organisation. Without marking the checkbox, employees will not be able to access bob using Azure SSO. 
  5. Click Accept
  6. In Azure, make sure to add the relevant users/groups to the bob Enterprise application.

Users will now be redirected to Azure portal when logging in. 

Troubleshooting

A new employee may have trouble logging into bob using Azure SSO. When trying to log in using Azure, they may get a response stating Need admin approval. If this happens, it means the bob application in Azure is missing Admin consent. To fix the issue:

  1. Login to Azure using the Azure Admin account.
  2. Go to: Azure Active Directory > Enterprise applications > bob > Permissions (on the left sidebar) > click on Grant admin consent
  3. Further instructions from Azure:
    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent#grant-admin-consent-from-the-azure-portal

One-login SSO

  1. Login to bob as an Admin. Go to : Settings > Integrations > Single Sign-on
  2. Enable Onelogin (don’t worry it will not be enabled yet), and copy the customer ID
  3. Login to Onelogin and add a new app, search for 'bob' and click SAVE
  4. Go to Configuration and paste the customer ID from bob

 5. Go to SSO, and copy the Issuer URl copied from OneLogin and paste it in the Identity Provider metadata URl field in Onelogin configuration in bob, and SAVE

OKTA Single Sign-On 

  1. Login to bob as an Admin. Go to : Settings > Integrations > Single Sign-on
  2. Enable Okta (don’t worry it will not be enabled yet), and copy the customer ID
  3. Login to OKTA >  Admin dashboard > search for “bob” and add.
  4. Paste the customer ID from bob, and click Next
  5. Assign your employees.
  6. Go to Sign On tab, and copy the Identity Provider metadata and paste it in the Identity Provider metadata url field in Bob Okta configuration, and SAVE

That's it!

Need more help? If you're unsure about anything, send us a message through the chat icon below.

Did this answer your question?