This article explains step-by-step the necessary steps to setup Single Sign-on (SSO) with Google authentication services.
Before setting up SSO, please get in touch with the babelforce Success Team. We will provide you with the redirect URL you need to add to the App you are registering.
Setting up SSO in Microsoft
- Go to https://portal.azure.com/#home and click on Azure Active Directory. If you don't see this option on the first page, click on "More Services".
- From the side bar of the active directory select "App registrations" and create a new app by clicking on "New registration"
- Fill in the details to register the application and confirm with Register
- The redirect URI will be added in the next step as it will be provided by babelforce as soon as you filled in all credentials
- Make sure to save the Application ID and Client Secret
- We will go back to this section once everything is setup and needs to be copied to babelforce
- Next, go to Certificates & secretes to generate the client secrete. Decide on the expiration time.
- Be aware: you must copy the secrete right away - after you left the page, the secret will not be visible anymore. Just pass it to any text processor so you can use it once you enter all data points to the babelforce manager
- View of Client secret once you left the page
- Under Token configuration click on Add optional claim
- select ID
- from the list, chose email
- on saving, allow the permission change
- To complete the setup, go to "Manifest"
- in line 4, change the "null" to 2. It should look like this:
- Now that everything is setup, find the SSO settings in the babelforce manager: https://apps.staging.dev.babelforce.com/manager2/manager/global-settings/sso-identity-settings
- You will only be able to access the settings if you have manager rights
- Before we can start filling out the details, make sure to have your Microsoft azure settings open in another tab
- Go back there, click on overview and "Endpoints". This will give you all the details you need to complete the SSO setup
- if you left the App, go back there via Active Directory > App registration and enter the App you created in the beginning
- To fill out the form, you need a few details. Below you see the mapping in babelforce. Everything that is filled in black is static and can be found as copy past text below the image. Everything in turkey needs to be copied from Azure.
- Watch out: the redirect URIs are not encoded when entering them in babelforce. So if your company uses spaces, it might look like this on the microsoft site (%20 = space):
- in babelforce, just enter the URI like this:
- https://apps.babelforce.com/manager2/user/sso/My Great Test Business
- Site: https://login.microsoftonline.com
- Principle Claim: email
- Name for manager redirect: manager2
- Name for babelConnect redirect: babelconnect2
- Name for dashboard redirect: dashboard