Overview
This article helps Enterprise teams integrate BombBomb Engage with SSO providers using SAML 2.0 (Azure/Entra, OneLogin, JumpCloud, etc.). This connection enables secure Single Sign-On (SSO), strengthens authentication, and centralizes user access management.
Who This Applies To
✅ Plan Type: Enterprise
Step 1: Create a Custom Enterprise Application
- For Azure/Entra specifically, see our article "Connecting with Entra ID (Azure Active Directory) SAML"
- Be sure to create a new application. Do not choose any existing application, as any that may be available are not actively supported.
Step 2: Configure Single Sign-On
- When asked to add an Identifier in the Identifier (Entity ID) section, enter the following value for your setup:
urn:auth0:bombbomb:[YOUR_COMPANY_NAME_IN_LOWERCASE]-saml
- Select Add Identifier in the Reply URL (Assertion Consumer Service URL) and enter the following value for your setup:
https://auth.bombbomb.com/login/callback?connection=yourcompanynameinlowercase-saml
- Enter https://app.bombbomb.com/app for the Sign-on URL
- Leave Relay State empty
- Enter https://app.bombbomb.com/app/index.php?actn=logout as the value for “Logout URL”
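A pre-flight check for the Entity ID and Reply URL from Step 2, added here as an example (it is not BombBomb tooling). The function name `check_sso_values` is hypothetical, the rule that both values carry the same connection name is an assumption based on the pattern shown above, and "acme" is a constructed sample company.

```python
from urllib.parse import urlsplit, parse_qs

# Fixed parts of the values given in Step 2 of this article.
ENTITY_PREFIX = "urn:auth0:bombbomb:"
ACS_BASE = ("https", "auth.bombbomb.com", "/login/callback")
TEMPLATE_TEXT = ("[", "]", "yourcompanynameinlowercase", "your_company_name_in_lowercase")


def check_sso_values(entity_id, reply_url):
    """Return a list of problems; an empty list means the pair looks consistent."""
    problems = []

    # Entity ID: urn:auth0:bombbomb:<connection>
    entity_conn = ""
    if entity_id.startswith(ENTITY_PREFIX):
        entity_conn = entity_id[len(ENTITY_PREFIX):]
    else:
        problems.append("Entity ID must start with " + ENTITY_PREFIX)

    # Reply URL: https://auth.bombbomb.com/login/callback?connection=<connection>
    url = urlsplit(reply_url)
    if (url.scheme, url.hostname, url.path) != ACS_BASE:
        problems.append("Reply URL must be https://auth.bombbomb.com/login/callback")
    values = parse_qs(url.query).get("connection", [])
    url_conn = values[0] if len(values) == 1 else ""
    if not url_conn:
        problems.append("Reply URL needs exactly one connection= parameter")

    for label, conn in (("Entity ID", entity_conn), ("Reply URL", url_conn)):
        if not conn:
            continue
        if any(t in conn.lower() for t in TEMPLATE_TEXT):
            problems.append(label + ": template placeholder was not replaced")
        if conn != conn.lower():
            problems.append(label + ": connection name must be lowercase")
        if not conn.endswith("-saml"):
            problems.append(label + ": connection name must end in -saml")

    # Assumption: both values name the same connection.
    if entity_conn and url_conn and entity_conn != url_conn:
        problems.append("Entity ID and Reply URL name different connections")
    return problems


if __name__ == "__main__":
    # Constructed sample values for a hypothetical company "acme".
    for p in check_sso_values("urn:auth0:bombbomb:Acme-saml",
                              "https://auth.bombbomb.com/login/callback?connection=acme-saml"):
        print("PROBLEM:", p)
```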
Step 3: Confirm Attributes & Claims
- Verify the following values are set in "Attributes & Claims"
| givenname | user.givenname |
| Surname | user.surname |
| Emailaddress | user.mail |
| Name | user.userprincipalname |
| Unique User Identifier | user.userprincipalname |
Step 4: Send an email to your BombBomb representative with the following information
- The email address where you would like to receive any SSO updates or changes (certificates usually need to be updated every year, so we would like to know who to contact for that update)
- Download and attach the Certificate (Base64) file
- Copy and paste the Login URL value
- Copy and paste the Logout URL value
- The Entity ID used (urn:auth0:bombbomb:[your_company_name_in_lowercase]-saml)
- Copy and paste the Identifier you used in the Reply URL section for step 2 (https://auth.bombbomb.com/login/callback?connection=yourcompanynameinlowercase-saml)
- The list of domains you want redirected to your SSO provider
Include all of the above items in the email. You can expect a turnaround of seven days from when we confirm receiving the information.
🗣️ For example, if you provide the email address domains @example.com and @example.org, a user signing in with jane@example.com or joe@example.org will be redirected to your sign-in page for authentication. Users will also be prevented from signing in with those email domains directly or through a third-party provider, such as Google Sign-In.
Step 5: Verify users have been added
- Confirm users have been added both in BombBomb and in your SSO provider
🗣️ Note: Users must exist in both BombBomb and your SSO provider to authenticate successfully.
FAQs / Common Issues
Q: Can I use the old BombBomb application template listed, or should I create a new application?
A: No. Always create a new custom application. The old template is no longer supported.
Q: What if users aren't redirected correctly to the login page?
A: Ensure you provided the correct list of email domains to BombBomb Support.
Q: Do users have to be assigned in the SSO provider?
A: Yes. Assign users or groups to the SSO app manually.