Set up SAML 2.0 SSO with an external Identity Provider
Short article description
How to set up Single Sign-On for BitaBIZ with an Identity Provider that supports SAML 2.0, such as Okta, OneLogin, AWS, or CA Technologies.
Quick answer
BitaBIZ supports SAML 2.0 Single Sign-On. This means customers can set up SSO for BitaBIZ with an external Identity Provider, as long as the provider supports SAML 2.0.
If your company uses Microsoft Entra ID, you should use BitaBIZ’s Microsoft guide.
If your company uses another Identity Provider, your IDP provider or internal IT department will need to help with the setup on the IDP side. In BitaBIZ, you’ll need to enter the SAML details provided by your Identity Provider.
Applies to
This article is for customers who want to set up SAML 2.0 Single Sign-On for BitaBIZ with an Identity Provider other than Microsoft Entra ID.
Examples of Identity Providers include:
Okta
OneLogin
AWS
CA Technologies
other IDP solutions that support SAML 2.0
Prerequisites
Before you start, you’ll need:
Setup Admin role in BitaBIZ
access to create or configure a SAML 2.0 application with your Identity Provider
help from your IDP provider or internal IT department if you don’t manage the IDP yourself
the SAML details that need to be copied between BitaBIZ and the Identity Provider
Step-by-step:
1. Log in to BitaBIZ.
2. Go to Setup Admin.
3. Go to Integrations.
4. Select SAML 2.0 integration.
5. Copy these details from BitaBIZ to your Identity Provider:
   - Entity ID
   - Assertion Consumer Service URL
6. Create BitaBIZ as a SAML 2.0 application in your Identity Provider. Contact your IDP provider or internal IT department if you’re unsure where to enter the details in the IDP.
7. Then copy these details from your Identity Provider back to BitaBIZ:
   - Identity Provider Single Sign-On Service URL
   - Identity Provider Issuer URL
   - Signing Certificate (Base64 encoded)
8. Enter your company’s Domain name in BitaBIZ.
9. Check SSO enabled.
10. Click Save SAML SSO configuration.
11. Test login with a user who has been granted access to the BitaBIZ application in your Identity Provider.
Important to know
BitaBIZ supports SAML 2.0, but BitaBIZ cannot document the specific setup for every external Identity Provider.
The setup on the IDP side may vary depending on the provider. Customers should contact their IDP provider or internal IT department for help with setup, field names, attributes, and user assignment in the IDP.
BitaBIZ needs the SAML details generated by your Identity Provider. Once they are saved in BitaBIZ, SSO can be enabled.
If your company uses Microsoft Entra ID, you should use the Microsoft section in the Help Center instead of this general SAML article.
What information should be copied from BitaBIZ to the Identity Provider?
When you create BitaBIZ as a SAML 2.0 application in your Identity Provider, you’ll typically need these details from BitaBIZ:
| Field in BitaBIZ | Typically used in the IDP as |
| --- | --- |
| Entity ID | Entity ID, Audience URI, or SP Entity ID |
| Assertion Consumer Service URL | Assertion Consumer Service URL, ACS URL, or Single Sign-On URL |
Field names may vary from one IDP to another. If you’re unsure, contact your IDP provider.
What information should be entered in BitaBIZ?
Once the BitaBIZ application is created in your Identity Provider, you need to enter these details in BitaBIZ:
| Field in BitaBIZ | What the field is used for |
| --- | --- |
| Identity Provider Single Sign-On Service URL | The login URL from your Identity Provider |
| Identity Provider Issuer URL | The issuer URL from your Identity Provider |
| Signing Certificate (Base64 encoded) | The certificate from your Identity Provider |
| Domain name | Your company’s domain for SSO login |
| SSO enabled | Enables the SSO configuration in BitaBIZ |
The certificate must be entered as a Base64 encoded certificate.
Permissions and access
Setting up in BitaBIZ requires access to Setup Admin.
Setting up in the Identity Provider requires access to manage SAML 2.0 applications in the customer’s IDP solution.
BitaBIZ can help with which fields need to be filled out in BitaBIZ. The customer’s IDP provider or internal IT department must help with setup, user assignment, and technical configuration on the IDP side.
FAQ
Can we use an IDP other than Microsoft Entra ID?
Yes. BitaBIZ supports SAML 2.0, so other IDP solutions can be used if they support SAML 2.0.
Which BitaBIZ details do we need in our Identity Provider?
You need to copy the Entity ID and Assertion Consumer Service URL from BitaBIZ to your Identity Provider.
Which IDP details do we need to enter in BitaBIZ?
You need to enter the Identity Provider Single Sign-On Service URL, Identity Provider Issuer URL, and Signing Certificate (Base64 encoded) in BitaBIZ.
Do users need to be assigned access in the Identity Provider?
Yes, users usually need to be assigned access to the BitaBIZ application in the customer’s Identity Provider. The exact method depends on the IDP solution.
BitaBIZ is rejecting login. What could be the reason?
Login can fail if the Entity ID, Assertion Consumer Service URL, Issuer URL, SSO Service URL, or certificate do not match between BitaBIZ and the Identity Provider.
Contact your IDP provider or internal IT department to check the SAML configuration.
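An IDP administrator can find which value differs by decoding the `SAMLResponse` form field captured from a failed login in the browser and comparing it with the configuration. The following is an added example, not BitaBIZ code; it covers the Entity ID, Assertion Consumer Service URL and Issuer URL, and the `sp.example.com` and `idp.example.com` values are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed configuration: placeholders for the values shown in BitaBIZ and the IdP.
CONFIG = {"Entity ID": "https://sp.example.com/saml/metadata",
          "Assertion Consumer Service URL": "https://sp.example.com/saml/acs",
          "Identity Provider Issuer URL": "https://idp.example.com/saml/metadata"}

# Constructed response whose Audience does not match the configured Entity ID.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="https://sp.example.com/saml/acs">
  <saml:Issuer>https://idp.example.com/saml/metadata</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/saml/metadata</saml:Issuer>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE = base64.b64encode(SAMPLE_XML.encode()).decode()


def find_mismatches(saml_response_b64, config):
    """Return {field: (configured, received)} for each value that differs.

    Troubleshooting aid only: it reads the XML without verifying the signature,
    so its output says nothing about whether the response is authentic.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    received = {
        # The Issuer may sit on the Response, on the Assertion, or on both.
        "Identity Provider Issuer URL":
            root.findtext("saml:Issuer", namespaces=NS)
            or root.findtext("saml:Assertion/saml:Issuer", namespaces=NS),
        "Assertion Consumer Service URL": root.get("Destination"),
        # Missing when the assertion is encrypted; reported as None.
        "Entity ID": root.findtext(".//saml:Audience", namespaces=NS),
    }
    return {field: (config[field], value)
            for field, value in received.items()
            if (value or "").strip() != config[field]}
```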
Why isn’t the setup working even though all fields are filled out?
The reason could be an incorrect certificate, wrong URL, missing user assignment, or incorrect SAML configuration in the Identity Provider.
BitaBIZ can check the fields in BitaBIZ. The IDP side must be checked by the customer’s IDP administrator.
I can’t log in with SSO. What should I check?
First, check that SSO enabled is checked in BitaBIZ and that the SAML configuration is saved.
Then check that the user has access to the BitaBIZ application in your Identity Provider.
Can we use Okta for SSO with BitaBIZ?
Yes. Okta can be used for SSO with BitaBIZ if your Okta setup supports SAML 2.0. The setup on the Okta side must be handled by your Okta administrator or Okta support.
Can we use AWS as an Identity Provider?
Yes, if your AWS solution supports SAML 2.0 and can provide the necessary SAML details to BitaBIZ.
