Single sign-on (SSO) integration

Single sign-on (SSO) is a session and user authentication service that permits your employees to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the user for all the applications the user has rights to and eliminates further prompts when the user switches applications during the same session.

Get the most out of Bob

On the backend, SSO is helpful for logging user activities as well as monitoring user accounts.

  • Mitigate risk for access to 3rd-party sites (user passwords not stored or managed externally). 
  • Reduce password fatigue from different user name and password combinations. 
  • Reduce time spent re-entering passwords for the same identity. 
  • Reduce IT costs due to the lower number of IT help desk calls about passwords. 
  • SSO shares centralized authentication servers that all other applications and systems use for authentication purposes and combines this with techniques to ensure that users do not have to actively enter their credentials more than once.

Note: For any SSO integration to work, the employee email set in Bob must match exactly the email as defined by the SSO provider.
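A pre-flight check for the email-match requirement above, as an added example (not Bob's or any SSO provider's own code). It assumes you have exported one list of employee emails from Bob and one from the SSO provider, and it treats "match exactly" as identical strings; the function name and the sample addresses are constructed for illustration.

```python
def reconcile_emails(bob_emails, idp_emails):
    """Classify each Bob email against the SSO provider's list.

    ok        - the identical string exists at the provider
    near_miss - differs only by letter case or surrounding whitespace
    domain    - same local part exists at the provider under another domain
    missing   - nothing comparable at the provider
    """
    exact = set(idp_emails)
    by_norm = {e.strip().lower(): e for e in idp_emails}
    by_local = {}
    for e in idp_emails:
        local = e.strip().lower().partition("@")[0]
        by_local.setdefault(local, []).append(e)

    report = {"ok": [], "near_miss": [], "domain": [], "missing": []}
    for email in bob_emails:
        norm = email.strip().lower()
        local = norm.partition("@")[0]
        if email in exact:
            report["ok"].append(email)
        elif norm in by_norm:
            # Would not pass an exact comparison; fix one side before enabling SSO.
            report["near_miss"].append((email, by_norm[norm]))
        elif local in by_local:
            report["domain"].append((email, by_local[local]))
        else:
            report["missing"].append(email)
    return report


# Constructed sample exports (not real accounts).
BOB_EXPORT = ["ana@mydomain.com", "Ben@mydomain.com", "cy@mydomain.com ",
              "dee@mydomain.com", "eli@mydomain.com"]
IDP_EXPORT = ["ana@mydomain.com", "ben@mydomain.com", "cy@mydomain.com",
              "dee@corp.mydomain.com"]

if __name__ == "__main__":
    for bucket, rows in reconcile_emails(BOB_EXPORT, IDP_EXPORT).items():
        print(bucket, rows)
```

Anything outside the ok bucket is an account that would fail to sign in after SSO is enabled, so resolve those entries first.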

How to set up Google SSO

  1. From the left menu, select Settings > Integrations.
  2. Select SSO (Single Sign-on) from the menu.
  3. Click Connect on the Google tile.
  4. Enter your Google domain (e.g. mydomain.com).
  5. Click Enable.

Users will now be able to log in using their Google account credentials.

How to set up Azure Active Directory

  1. From the left menu, select Settings > Integrations.
  2. Select SSO (Single Sign-on) from the menu.
  3. Click Connect on the Azure tile.
  4. Click Enable.
    The Azure Admin will need to log in to Bob using Azure and grant consent to all employees logging in to Bob using Azure. 

To grant consent to all employees:

  1. Go to app.hibob.com
  2. On the login screen, select Connect with Microsoft.

    Note: You'll need to sign out of Bob before you do this.

  3. Enter the Azure Admin email and click login.

    Note: The Azure Admin does not need to be an employee in Bob.

  4. In the Permissions requested page, make sure to mark the Consent on behalf of your organization checkbox.

    Note: Without marking the checkbox, employees will not be able to access Bob using Azure SSO. 

  5. Click Accept
  6. In Azure, make sure to add the relevant users/groups to the Bob Enterprise application. Users will now be redirected to Azure portal when logging in. 

How to set up OneLogin SSO

  1. From the left menu, select Settings > Integrations.
  2. Select SSO (Single Sign-on) from the menu.
  3. Click Connect on the OneLogin tile.
  4. Click Copy Customer ID.
  5. From OneLogin, add a new app, search for Bob and click Save.
  6. From the Configuration tab, paste the customer ID from Bob.
    An Issuer URL will be generated.
  7. Copy the Issuer URL from OneLogin.
  8. On the Bob OneLogin configuration, paste the Issuer URL from OneLogin into the Identity Provider metadata URL field.
  9. Click Enable.

How to set up OKTA Single Sign-On 

  1. From the left menu, select Settings > Integrations.
  2. Select SSO (Single Sign-on) from the menu.
  3. Click Connect on the OKTA tile.
  4. Click Copy Customer ID.
  5. Copy the customer ID.
  6. From OKTA, select Admin dashboard, search for Bob and click Add.
  7. Paste the customer ID from Bob, then click Next.
  8. Assign your employees.
  9. From the Sign On tab, copy the Identity Provider metadata.
  10. On the Bob OneLogin configuration, paste the Identity Provider metadata in the Identity Provider metadata URL field.
  11. Click Enable.

Note: When using SSO, employees also need to be invited to access Bob. To learn more, see Part 3: Invite an employee, launching Bob.

How to set up JumpCloud SSO

Step 1: In Bob

  1. From the left menu, select Settings > Integrations.
  2. From the Integrations menu, select SSO (Single Sign-on).
  3. In the JumpCloud tile, click Connect.
    The JumpCloud configuration screen opens.
  4. Click Copy link, to the right of the Bob company ID field.
    This copies the Company ID number.

Step 2: In JumpCloud

  1. From the left menu, select SSO.
    The Featured Applications screen opens.
  2. Click the + sign.
    This opens the Configure New SSO Application screen.
  3. Type Bob in the search bar and hit Enter.
  4. In the Bob row, click Configure.
    The New application screen opens.
  5. In the General Info tab, enter a Display Label name.
    This will be shown in the Display Label field in JumpCloud.
  6. In the SSO tab, click in the ACS URL field and replace "YOUR_ID" at the end of the URL with the company ID you copied from Bob.
  7. Mark the Declare Redirect Endpoint checkbox.
  8. Click activate on the bottom right.
    The Please confirm your new SSO connector instance popup appears.
  9. Click Continue.
  10. Click the X in the top right of the New application screen to close it.
  11. Bob will have been added to the list in the SSO Featured applications screen.
  12. Click on the Bob row.
    This opens the Bob information screen.
  13. In the SSO tab, click Export Metadata.
    This saves the metadata to your computer as an XML file.

Step 3: In Bob

  1. From the left menu, select Settings > Integrations.
  2. From the Integrations menu, select SSO (Single Sign-on).
  3. In the JumpCloud tile, click Connect.
    The JumpCloud configuration screen opens.
  4. Click Upload and upload the XML file you downloaded from JumpCloud.
  5. Click Enable.

FAQs

Why can't my new employee log into Bob using Azure SSO?

A new employee may have trouble logging into Bob using Azure SSO and get a response stating Need admin approval. If this happens, it means the Bob application in Azure is missing Admin consent.

  1. Log in to Azure using the Azure Admin account.
  2. From the left sidebar, select Azure Active Directory > Enterprise applications. Select Bob, then select Permissions. Click Grant admin consent.

To learn more, see this help article by Azure.