Set up Azure Active Directory Single Sign On (SSO)

Set up Azure Active Directory SSO so your employees can log into Bob using their Azure account credentials.


Note: For any SSO integration to work, the employee email set in Bob must match exactly the email as defined by the SSO provider.

How to set up Azure Active Directory SSO

  1. From the left menu, select Settings > Integrations.
  2. Select SSO (Single Sign-on)from the menu.
  3. On the Azure tile, click Connect.
  4. Click Enable.
    The Azure Admin will need to log in to Bob using Azure and grant consent to all employees logging in to Bob using Azure. 

How to grant consent to all employees:

  1. Open Bob.
  2. On the login screen, select Connect with Microsoft.

    Note: You'll need to sign out of Bob before you do this.

  3. Enter the Azure Admin email and click login.

    Note: The Azure Admin does not need to be an employee in Bob.

  4. In the Permissions requested page, make sure to mark the Consent on behalf of your organization checkbox.

    Note: Without marking the checkbox, employees will not be able to access Bob using Azure SSO. 

  5. Click Accept
  6. In Azure, make sure to add the relevant users/groups to the Bob Enterprise application. Users will now be redirected to Azure portal when logging in. 


Why can't my new employee log into Bob using Azure SSO?

A new employee may have trouble logging into Bob using Azure SSO and get a response stating Need admin approval. If this happens, it means the Bob application in Azure is missing Admin consent. To rectify this, log in to Azure using the Azure Admin account. Then, from the left sidebar, select Azure Active Directory > Enterprise applications. Select Bob, then select Permissions. Click Grant admin consent. To learn more, see this help article by Azure.