Single Sign On (SSO) is available for DocBoss. If enabled, users with the company domain will be redirected to their identity provider to sign in to access DocBoss.
Set up
Requirements
The first step is to contact DocBoss Support and request that Single Sign On is enabled.
We will ask for some information. Your IT will need to gather this:
- Domain (users with email from this domain will be redirected to identity provider)
- Type of the application they use (ie. Microsoft Azure)
- Supported account types, if applicable (see below, Azure example step 2)
- Application (client) ID (example step 3)
- Client Secret (example step 4)
- Endpoints (Authorization, Token, Issuer) (example step 6)
After this information is provided, DocBoss Support will provide a redirect URI for your application. This will redirect users back to DocBoss after authentication in your identity provider. This must be added in your identity provider application by your IT.
Walkthrough (Microsoft Azure)
The example below uses Microsoft Azure as the identity provider. If you are using a different provider, refer to their documentation for how to set up Single Sign On.
1. Log into Microsoft Azure and select App registrations > Register an application.
2. Enter the display name and account type. Make note of the account type to advise DocBoss Support.
3. On the next screen, under the Essentials tab, copy the Application (client) ID. Make note of this to provide DocBoss Support.
4. On the Client credentials option, select Add a certificate or secret. Add a certificate and copy the secret to provide DocBoss Support.
5. Select the Endpoints tab.
6. Copy the link for the OpenID Connect metadata document to provide DocBoss Support. This includes all of the endpoints (Authorization, Token, Issuer) DocBoss requires information on.
The next step is only available after providing the information from the previous steps to DocBoss Support:
7. After DocBoss Support provides redirect URI, navigate to the Essentials section of this app in Azure and select Add a redirect URI. Paste the redirect URI provided by DocBoss.
To use
Any user with email in the given domain will be redirected from DocBoss to the identity provider after entering their email address on the login screen.
At this time, Single Sign On is only available for user authentication, not for user management. Users should be added in DocBoss by an admin user. When SSO is enabled, no password is saved for the user in DocBoss.