Single sign-on (SSO) is a session and user authentication service that permits your employees to use one set of login credentials (e.g., name and password) to access multiple applications. The service authenticates the user for all the applications the user has rights to, and eliminates further prompts when the user switches applications during the same session. On the backend, SSO is helpful for logging user activities as well as monitoring user accounts.


The benefits of using single sign-on include: 

  • Mitigate risk for access to 3rd-party sites (user passwords not stored or managed externally). 

  • Reduce password fatigue from different user name and password combinations. 

  • Reduce time spent re-entering passwords for the same identity. 

  • Reduce IT costs due to a lower number of IT help desk calls about passwords. 

  • Centralize authentication: SSO uses shared authentication servers that all other applications and systems rely on, combined with techniques that ensure users do not have to actively enter their credentials more than once.

If your organization is using an SSO service, you can connect Bob to it very easily.
From the left menu, select Settings > Integrations > Single Sign On.

Note: For any SSO integration to work, the employee email set in Bob must match exactly the email as defined by the SSO provider.

Google SSO

  1. Log in as an Admin, and then from the left menu, select Settings > Integrations > Single Sign-on.

  2. Enable Google.
    Note: Don’t worry, it will not be enabled yet.

  3. Enter your Google domain (e.g. mydomain.com) and click SAVE.

Users will now be able to log in using their Google account credentials.

Azure Active Directory

  1. Log in as an Admin, and then from the left menu, select Settings > Integrations > Single Sign-on.

  2. Enable Azure and click SAVE.
    Once enabled, the Azure Admin will need to log in to Bob using Azure and grant consent for all employees logging in to Bob using Azure.

To grant consent to all employees:

  1. Go to app.hibob.com

  2. In the login screen, select Connect with Microsoft.

  3. Enter the Azure Admin email and click login.
    Note: The Azure Admin does not need to be an employee in Bob.

  4. In the Permissions requested page, make sure to mark the Consent on behalf of your organization checkbox.
    Note: Without marking the checkbox, employees will not be able to access Bob using Azure SSO. 

  5. Click Accept

  6. In Azure, make sure to add the relevant users/groups to the Bob Enterprise application.
    Users will now be redirected to the Azure portal when logging in.

Troubleshooting

A new employee may have trouble logging into Bob using Azure SSO. When trying to log in using Azure, they may get a response stating "Need admin approval". If this happens, it means the Bob application in Azure is missing Admin consent.

To fix the issue:

  1. Log in to Azure using the Azure Admin account.

  2. From the left sidebar, select Azure Active Directory > Enterprise applications > bob > Permissions, and then click Grant admin consent.

See further instructions from Azure.

One-Login SSO

  1. Log in as an Admin, and then from the left menu, select Settings > Integrations > Single Sign-on.

  2. Enable Onelogin.
    Note: Don’t worry, it will not be enabled yet.

  3. Copy the customer ID.

  4. Log in to OneLogin and add a new app, search for 'bob' and click SAVE.

  5. Go to Configuration and paste the customer ID from Bob.

  6. Go to SSO, copy the Issuer URL from OneLogin, paste it in the Identity Provider metadata URL field in the OneLogin configuration in Bob, and click SAVE.

OKTA Single Sign-On 

  1. Log in as an Admin, and then from the left menu, select Settings > Integrations > Single Sign-on.

  2. Enable Okta.
    Note: Don’t worry, it will not be enabled yet.

  3. Copy the customer ID.

  4. Log in to Okta > Admin dashboard, search for “bob” and add it.

  5. Paste the customer ID from Bob, and click Next.

  6. Assign your employees.

  7. Go to the Sign On tab, copy the Identity Provider metadata, paste it in the Identity Provider metadata URL field in the Bob Okta configuration, and click SAVE.
    Note: Remember when using SSO, employees also need to be invited to access Bob.

JumpCloud SSO Configuration

This article will help you configure SSO with JumpCloud.

  1. Log in to your JumpCloud Admin account.
  2. From the left menu, select SSO.
  3. Click the + sign and search for bob.
  4. Click Configure.
  5. Set the Display Label name and click on the Identity Management tab.
  6. Under ACS URL, replace "YOUR_ID" with your company ID provided by HiBob support.
  7. Make sure that "Declare Redirect Endpoint" is marked.
  8. Click Activate on the bottom right.
    Once the app is created, click the SSO app again and go to the SSO tab.
  9. Click Export Metadata.
  10. Provide HiBob support with the exported metadata so they can set it up on the HiBob side.