It is vital for adoption and productivity to make sure that your systems can connect to one another. Well, luckily for you, BombBomb can connect with many systems through Azure SSO. Follow the steps below to set that connection up.
Create a Custom Enterprise Application
- Go to portal.azure.com and open the "Azure Active Directory Portal."
- Navigate to "Enterprise Applications" in the left nav menu.
- Click "New application."
- Click "Create your own application."
- Enter "AAD to BombBomb" as the name of the app.
- You may enter whatever value you want here; it has no bearing on future steps. Do not use “BombBomb.” That will be the name of our Azure AD App when it is released.
- Select "Integrate any other application you don't find in the gallery (Non-gallery)."
- Ignore the prompt below “We found the following applications that may match your entry”. The old BombBomb entry there is out of date and does not work.
- Click "Create."
Configure Single Sign-On
- In the enterprise application overview window, click on "Single sign-on" in the left nav menu.
- Click "SAML" under "Select a single sign-on method."
Step 1: Edit Basic SAML Configuration
- Click the "Edit pencil" in step 1, Basic SAML Configuration.
- Select "Add Identifier" in the Identifier (Entity ID) section and enter the following value for your setup:
- Select "Add Identifier" in the Reply URL (Assertion Consumer Service URL) section and enter the following value for your setup:
- Enter https://app.bombbomb.com/app for the Sign-on URL
- Leave Relay State empty
- Enter https://app.bombbomb.com/app/index.php?actn=logout as the value for “Logout URL”
Step 2: Confirm Attributes & Claims
- Verify the following values are set in Step 2, "Attributes & Claims":
| Unique User Identifier | user.userprincipalname |
Step 3: Send an email to your BombBomb representative with the following information
- Download and attach the Certificate (Base64) file
- Copy and paste the Login URL value
- Copy and paste the Azure AD Identifier
- Copy the Logout URL value
- Include in the email the above items as well as the identifier you used in Step 1 above and a list of email address domains that should redirect to your login page when entered.
For example, if you provide email address domains of @example.com and @example.org, a user signing in with firstname.lastname@example.org or email@example.com will redirect to your sign-in page for authentication. Users will also be prevented from signing in with those email domains directly and through a third-party provider, such as Google Sign-In.
Step 4: Verify users have been added
- Confirm users have been added both in BombBomb and in the Azure Active Directory Users and groups.
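A pre-flight check for the domain list in Step 3, added here as an example and not BombBomb or Microsoft code: it groups a list of user.userprincipalname values by whether their domain appears in the list you plan to send. The function names, the sample UPNs and the exact-match rule for domains are assumptions; guest accounts are recognized by the #EXT# marker Azure AD places in their UPNs.

```python
from collections import Counter

def normalize_domain(value):
    """Lower-case a domain and drop the leading '@' used in the emailed list."""
    return value.strip().lstrip("@").lower()

def upn_domain(upn):
    """Return the domain part of a UPN, or None if it is not user@domain."""
    local, sep, domain = upn.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower()

def audit_upns(upns, planned_domains):
    """Group UPNs by whether their domain is in the planned SSO domain list."""
    planned = {normalize_domain(d) for d in planned_domains}
    report = {"covered": Counter(), "uncovered": [], "guests": [], "malformed": []}
    for upn in upns:
        domain = upn_domain(upn)
        if domain is None:
            report["malformed"].append(upn)
        elif "#ext#" in upn.lower():
            # Guest UPNs end in the tenant domain, not the guest's mail domain,
            # so the claim value will not match the address they sign in with.
            report["guests"].append(upn)
        elif domain in planned:
            report["covered"][domain] += 1
        else:
            # Assumption: domains match exactly, so a subdomain is not covered.
            report["uncovered"].append(upn)
    return report

# Constructed sample data, not taken from a real tenant.
SAMPLE_UPNS = [
    "firstname.lastname@example.org",
    "Email@Example.com",
    "ops@mail.example.com",
    "partner_example.net#EXT#@contoso.onmicrosoft.com",
    "svc-account",
]
PLANNED_DOMAINS = ["@example.com", "@example.org"]

if __name__ == "__main__":
    result = audit_upns(SAMPLE_UPNS, PLANNED_DOMAINS)
    for domain, count in sorted(result["covered"].items()):
        print(f"covered   {domain}: {count} user(s)")
    for key in ("uncovered", "guests", "malformed"):
        for upn in result[key]:
            print(f"{key:<9} {upn}")
```

Anything reported as uncovered, guest or malformed is worth resolving before the email in Step 3 goes out, since those accounts would not be redirected or would present an identifier that differs from their email address.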