This is a guide for how to set up SSO in your BI Book environment.  Follow your organizations information security policy and guidelines.


Pre-requisites

  1. For SSO setup BI Books support team must enable SSO in your environment
  2. Ensure you have a global admin account in the Azure AD you are setting up SSO in.
  3. Ensure you are a Admin or Superadmin in your BI Book enviroment 


How to set up:

  1. Set up SSO in your Azure AD following these instructions
  2. Test your connection
  3. Reach out to BI Book support to disable other authentication methods to ensure the security of your subdomain.



Setting up on BI Books Side

  1. Login with your admin account
  2. Go to the "Management" tab (if not visible you are not an admin)
  3. Choose "Edit company"
    1.  
  4. Navigate to "SSO" (if not visible, SSO is not enabled)
  5. Choose "SAML" as SSO method. 
  6. Setting up in Azure AD:

    1. Log in as Admin to your tenant and make sure you have elevated your user rights to global admin

    2. Go to your tenants Azure Active Directory

    3. Navitage to "Enterprise Applications"

    4. press "+ New application"

    5. press "+ Create your own application"

    6. Add a name for the enterprise application (For example BI Book)

    7.  Not necessary to change the "What are you looking to do with your application?" setting

    8. Press "Create"

    9. Wait for creation, can take a few minutes. 

    10. under "Manage" section navigate to "Single sign-on"

    11. Choose "SAML" as option

    12. Edit the "Basic SAML Configuration field"

    13. Add the "Identifier (Entity ID)" as the "SP Entity ID from Bi Book SSO Settings. 

      1. SP Entity ID
    14. Add the "Reply URL (Assertion Consumer Service URL" as the SP ACS from your bibook environment

      1. SP ACS URL

         

    15. save. 

    16. Go to section 3. SAML Certificates and download the "Federation metadata XML"

    17. Upload the XML to Bi Book in the Admin portal. 

    18. Press Save. 

    19. Make sure you go to the corresponding app registration and set up everything properly

      1. Grant admin content to API scope. under API permissions

      2. Also under the enterprise application, make sure your "properties" tab is set up according to your needs, and user and group is assigned to the application to access it, also in your azure AD.

    20. Navigate to your subdomain your_domain.bibook.com in a new browser or incognito mode or similar. 

    21. Press the SSO button and test your SSO configuration


reach out to support@bibook.com if you have issues. 









A