This is a guide for how to set up SSO in your BI Book environment. Follow your organizations information security policy and guidelines.
- For SSO setup BI Books support team must enable SSO in your environment
- Ensure you have a global admin account in the Azure AD you are setting up SSO in.
- Ensure you are a Admin or Superadmin in your BI Book enviroment
How to set up:
Setting up on BI Books Side
- Login with your admin account
- Go to the "Management" tab (if not visible you are not an admin)
- Choose "Edit company"
- Navigate to "SSO" (if not visible, SSO is not enabled)
- Choose "SAML" as SSO method.
Setting up in Azure AD:
Log in as Admin to your tenant and make sure you have elevated your user rights to global admin
Go to your tenants Azure Active Directory
Navitage to "Enterprise Applications"
press "+ New application"
press "+ Create your own application"
Add a name for the enterprise application (For example BI Book)
Not necessary to change the "What are you looking to do with your application?" setting
Wait for creation, can take a few minutes.
under "Manage" section navigate to "Single sign-on"
Choose "SAML" as option
Edit the "Basic SAML Configuration field"
Add the "Identifier (Entity ID)" as the "SP Entity ID from Bi Book SSO Settings.
- SP Entity ID
Add the "Reply URL (Assertion Consumer Service URL" as the SP ACS from your bibook environment
- SP ACS URL
- SP ACS URL
Go to section 3. SAML Certificates and download the "Federation metadata XML"
Upload the XML to Bi Book in the Admin portal.
Make sure you go to the corresponding app registration and set up everything properly
Grant admin content to API scope. under API permissions
Also under the enterprise application, make sure your "properties" tab is set up according to your needs, and user and group is assigned to the application to access it, also in your azure AD.
Navigate to your subdomain your_domain.bibook.com in a new browser or incognito mode or similar.
Press the SSO button and test your SSO configuration
reach out to firstname.lastname@example.org if you have issues.