SSO-SAML Custom Feature: Difference between revisions

(5 intermediate revisions by the same user not shown)

Line 1:

{{#seo:

|title=SSO-SAML Custom Feature - SimplyBook.me

|description=Integrate SSO-SAML for secure, single-sign-on authentication. Simplify access for your team. Activate this feature now!

|titlemode=append

|keywords=faq, frequently asked questions, booking software, appointment system questions, appointments online, calendar software, booking system, booking calendar, scheduling software, online appointment scheduling, online scheduling, plugins, custom features, additional functionality, sso, saml, single sign-on, system login, system access, access to the account

}}

</translate>

[[File:Saml icon.png| left]] This custom feature allows to setup Single Sign-On process for you as the system admin and your account users thus enabling login to SimplyBook.me system from MS Azure applications panel. You can create users in MS Azure within the desired access level groups and the corresponding user types will be added in your SimplyBook.me system on the first login.

[[File:Saml icon.png| left]] This custom feature allows to setup Single Sign-On process for you as the system admin and your account users thus enabling login to SimplyBook.me system from MS Azure or Okta applications panel. You can create users in MS Azure/Okta within the desired access level groups and the corresponding user types will be added in your SimplyBook.me system on the first login.

'''Please note!'''

Currently SSO is available with [https://portal.azure.com/#home Microsoft Azure(Microsoft Entra ID)] only.

Currently SSO is available with [https://portal.azure.com/#home Microsoft Azure(Microsoft Entra ID)] & [https://www.okta.com Okta SSO] only.

</translate>

__FORCETOC__

;How to use:

==How to set & use Microsoft Azure==

:1. Create account at [https://portal.azure.com/#home Microsoft Azure] if you do not have one yet.

Line 22:

Line 33:

[[File:Sso settings path redesigned.png|1200px|border|center|link=https://help.simplybook.me/images/9/9a/Sso_settings_path_redesigned.png]]

</translate>

:4. Click on Microsoft Azure Configuration on the left and log in to your MS Azure account there to start connection setup.

:'''Please note!''' You need to have administrator access in MS Azure as well to be able to connect applications.

Line 29:

Line 43:

[[File:Sso connected first block redesigned.png|1200px|border|center|link=https://help.simplybook.me/images/c/cf/Sso_connected_first_block_redesigned.png]]

</translate>

:6. In MS Azure please navigate to Active Directory(Entra ID).

[[File:Manage ms entra id new path.png|1200px|border|center|link=]]

:7. Select Enterprise applications in the left-side menu and add new application.

</translate>

:(you may need paid MS Azure or Premium trial subscription there to add applications)

[[File:Enterprise applications ms new.png|1200px|border|center|link=https://help.simplybook.me/images/8/8d/Enterprise_applications_ms_new.png]]

Line 54:

Line 74:

[[File:Sbm saml download cetrificate.png|border|center]]

</translate>

[[File:Base64 certificate paste new.png|1200px|border|center|link=https://help.simplybook.me/images/e/e6/Base64_certificate_paste_new.png]]

Line 71:

Line 94:

[[File:Setup claims new.png|1200px|border|center|link=https://help.simplybook.me/images/8/81/Setup_claims_new.png]]

</translate>

:17. Copy the claims titles to the corresponding boxes on SimplyBook.me side.

[[File:Copy claims new.png|1200px|border|center|link=https://help.simplybook.me/images/9/9b/Copy_claims_new.png]]

Line 95:

Line 121:

:'''Please note!'''

*It is not possible to connect existing SimplyBook.me side users to MS Azure users.

*For such users it is not possible to reset SimplyBook.me passwords, edit access level, username~~, access personal data report~~.

*For such users it is not possible to reset SimplyBook.me passwords, edit access level, username.

:They need to contact MS Azure administrator if they loose access to applications page or contact SimplyBook.me default admin to request personal data report.

*If you need to restrict access for such users you can remove or block them on MS Azure side.

*If you change the group the user is included to on MS Azure side or remove the user there the access level will be updated on SimplyBook.me side within several minutes or the user will be logged out.

</translate>

==How to set & use Okta==

:1. Create account at [https://www.okta.com Okta].

:2. Navigate to '''Applications''' in Okta admin panel and click to create a new app there.

[[File:Okta create app integration path.png|1200px|center|link=https://help.simplybook.me/images/c/c7/Okta_create_app_integration_path.png]]

:3. Add the desirable name and upload a logo.

[[File:Okta app add name & logo.png|1200px|center|link=https://help.simplybook.me/images/0/0a/Okta_app_add_name_%26_logo.png]]

:4. Select '''SAML''' method.

[[File:Okta app saml select.png|1200px|center|link=https://help.simplybook.me/images/4/4b/Okta_app_saml_select.png]]

:5. On the SAML settings step please copy the '''Audience URI''' and '''Okta Single Sign-On URL''' from SimplyBook.me SSO-SAML custom feature -> Manage -> Okta SAML Single Sign-On and paste to the corresponding fields on the Okta side.

[[File:Create saml integration step 1.png|1200px|center|link=https://help.simplybook.me/images/3/37/Create_saml_integration_step_1.png]]

:6. Set '''Name ID''' and '''Application username''' as in the image below.

[[File:Create saml integrattion 2.png|1200px|center|link=https://help.simplybook.me/images/3/32/Create_saml_integrattion_2.png]]

:7. Scroll the page to '''Attribute settings''' and add the attributes for name, email, id and firstname as in the example.

:And separately '''group''' attribute in the corresponding block.

[[File:Saml add attribite statements.png|1200px|center|link=https://help.simplybook.me/images/8/8c/Saml_add_attribite_statements.png]]

:On the SimplyBook.me side please make sure the same attributes are indicated in the '''User attributes and claims''' tab.

:8. Proceed to the next step.

[[File:Saml proceed to the next.png|1200px|center|link=https://help.simplybook.me/images/0/03/Saml_proceed_to_the_next.png]]

:9. The app is now saved. Please open '''Sign on''' tab and click on ''' on '''More details''' there.

[[File:Saml sign on more details.png|1200px|center|link=https://help.simplybook.me/images/4/4c/Saml_sign_on_more_details.png]]

:10. Copy '''Sign on URL''', '''Sign out URL''', '''Issuer''' and '''Signing certificate''' in Okta and paste them to the corresponding fields in SimplyBook.me SSO-SAML custom feature -> Manage -> Okta SAML Single Sign-On

[[File:Saml copy urls from okta.png|1200px|center|link=https://help.simplybook.me/images/3/38/Saml_copy_urls_from_okta.png]]

:11. Now in Okta interface make sure all necessary employees are added to the system in '''People''' tab.

[[File:Add people okta.png|1200px|center|link=https://help.simplybook.me/images/b/b7/Add_people_okta.png]]

:12. In '''Groups''' tab - create the groups matching the SimplyBook.me access levels. Assign the employees to these groups.

[[File:Create groups okta.png|1200px|center|link=https://help.simplybook.me/images/c/c0/Create_groups_okta.png]]

[[File:Assign people to groups okta.png|1200px|center|link=https://help.simplybook.me/images/0/07/Assign_people_to_groups_okta.png]]

:13. Assign the groups and people to the application that you've created.

[[File:Assign applications to groups.png|1200px|center|link=https://help.simplybook.me/images/7/78/Assign_applications_to_groups.png]]

:14. In the SimplyBook.me side please indicate the groups names in the '''User groups matching settings''' tab. Save settings.

:15. Everything is ready now. Your employees an now log in to your company account at SimplyBook.me with one single click on the Okta panel (the user in SimplyBook.me will be automatically create on the first login with the corresponding rights)

[[File:Login screen okta.png|1200px|center|link=https://help.simplybook.me/images/0/06/Login_screen_okta.png]]

</translate>

@@ Line 1: / Line 1: @@
+<languages/>
+<translate>
+<!--T:1-->
 {{#seo:
 |title=SSO-SAML Custom Feature - SimplyBook.me
+|description=Integrate SSO-SAML for secure, single-sign-on authentication. Simplify access for your team. Activate this feature now!
 |titlemode=append
 |keywords=faq, frequently asked questions, booking software, appointment system questions, appointments online, calendar software, booking system, booking calendar, scheduling software, online appointment scheduling, online scheduling, plugins, custom features, additional functionality, sso, saml, single sign-on, system login, system access, access to the account
 }}
+</translate>
+<translate>
-[[File:Saml icon.png| left]] <br>This custom feature allows to setup Single Sign-On process for you as the system admin and your account users thus enabling login to SimplyBook.me system from MS Azure applications panel. You can create users in MS Azure within the desired access level groups and the corresponding user types will be added in your SimplyBook.me system on the first login.
+<!--T:2-->
+[[File:Saml icon.png| left]] <br>This custom feature allows to setup Single Sign-On process for you as the system admin and your account users thus enabling login to SimplyBook.me system from MS Azure or Okta applications panel. You can create users in MS Azure/Okta within the desired access level groups and the corresponding user types will be added in your SimplyBook.me system on the first login.
 <br><br>
 <br><br>
 <span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">'''Please note!'''</span><br>
-<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">Currently SSO is available with <span style="background-color:#cdeffc; padding:5px; border-radius:5px;">[https://portal.azure.com/#home Microsoft Azure(Microsoft Entra ID)]</span> only.</span>
+<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">Currently SSO is available with <span style="background-color:#cdeffc; padding:5px; border-radius:5px;">[https://portal.azure.com/#home Microsoft Azure(Microsoft Entra ID)]</span> & <span style="background-color:#cdeffc; padding:5px; border-radius:5px;">[https://www.okta.com Okta SSO]</span> only.</span>
+</translate>
+<translate>
+<!--T:3-->
+__FORCETOC__
+<!--T:4-->
-;How to use:
+==How to set & use Microsoft Azure==
 <br>
 :1. Create account at <span style="background-color:#cdeffc; padding:5px; border-radius:5px;">[https://portal.azure.com/#home Microsoft Azure]</span> if you do not have one yet.
@@ Line 22: / Line 33: @@
 [[File:Sso settings path redesigned.png|1200px|border|center|link=https://help.simplybook.me/images/9/9a/Sso_settings_path_redesigned.png]]
 <br><br>
+</translate>
+<translate>
+<!--T:5-->
 :4. Click on <span style="background-color:#d4f8e5; padding:5px; border-radius:5px;">Microsoft Azure Configuration</span> on the left and log in to your <span style="background-color:#d4f8e5; padding:5px; border-radius:5px;">MS Azure account</span> there to start connection setup.
 :<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">'''Please note!''' You need to have administrator access in MS Azure as well to be able to connect applications.</span>
@@ Line 29: / Line 43: @@
 [[File:Sso connected first block redesigned.png|1200px|border|center|link=https://help.simplybook.me/images/c/cf/Sso_connected_first_block_redesigned.png]]
 <br><br>
+</translate>
+<translate>
+<!--T:6-->
 :6. In MS Azure please navigate to <span style="background-color:#d4f8e5; padding:5px; border-radius:5px;">Active Directory(Entra ID).</span>
 [[File:Manage ms entra id new path.png|1200px|border|center|link=]]
 <br><br>
 :7. Select <span style="background-color:#d4f8e5; padding:5px; border-radius:5px;">Enterprise applications</span> in the left-side menu and <span style="background-color:#d4f8e5; padding:5px; border-radius:5px;">add new application.</span><br>
+</translate>
+<translate>
+<!--T:7-->
 :(you may need paid MS Azure or Premium trial subscription there to add applications)
 [[File:Enterprise applications ms new.png|1200px|border|center|link=https://help.simplybook.me/images/8/8d/Enterprise_applications_ms_new.png]]
@@ Line 54: / Line 74: @@
 [[File:Sbm saml download cetrificate.png|border|center]]
 <br><br>
+</translate>
+<translate>
+<!--T:8-->
 [[File:Base64 certificate paste new.png|1200px|border|center|link=https://help.simplybook.me/images/e/e6/Base64_certificate_paste_new.png]]
 <br><br>
@@ Line 71: / Line 94: @@
 [[File:Setup claims new.png|1200px|border|center|link=https://help.simplybook.me/images/8/81/Setup_claims_new.png]]
 <br><br>
+</translate>
+<translate>
+<!--T:9-->
 :17. Copy the claims titles to the corresponding boxes on <span style="background-color:#d4f8e5; padding:5px; border-radius:5px;">SimplyBook.me side.</span>
 [[File:Copy claims new.png|1200px|border|center|link=https://help.simplybook.me/images/9/9b/Copy_claims_new.png]]
@@ Line 95: / Line 121: @@
 :<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">'''Please note!'''</span><br>
 *<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">It is not possible to connect existing SimplyBook.me side users to MS Azure users.</span>
-*<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">For such users it is not possible to reset SimplyBook.me passwords, edit access level, username, access personal data report.</span><br>
+*<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">For such users it is not possible to reset SimplyBook.me passwords, edit access level, username.</span><br>
 :<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">They need to contact MS Azure administrator if they loose access to applications page or contact SimplyBook.me default admin to request personal data report.</span><br>
 *<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">If you need to restrict access for such users you can remove or block them on MS Azure side.</span><br>
 *<span style="background-color:#ffe9e9; padding:5px; border-radius:5px;">If you change the group the user is included to on MS Azure side or remove the user there the access level will be updated on SimplyBook.me side within several minutes or the user will be logged out.</span>
+<br><br><br><br>
+</translate>
+<translate>
+<!--T:10-->
+==How to set & use Okta==
+:1. Create account at [https://www.okta.com Okta].
+<br><br>
+:2. Navigate to '''Applications''' in Okta admin panel and click to create a new app there.
+[[File:Okta create app integration path.png|1200px|center|link=https://help.simplybook.me/images/c/c7/Okta_create_app_integration_path.png]]
+<br><br>
+:3. Add the desirable name and upload a logo.
+[[File:Okta app add name & logo.png|1200px|center|link=https://help.simplybook.me/images/0/0a/Okta_app_add_name_%26_logo.png]]
+<br><br>
+:4. Select '''SAML''' method.
+[[File:Okta app saml select.png|1200px|center|link=https://help.simplybook.me/images/4/4b/Okta_app_saml_select.png]]
+<br><br>
+:5. On the SAML settings step please copy the '''Audience URI''' and '''Okta Single Sign-On URL''' from SimplyBook.me SSO-SAML custom feature -> Manage -> Okta SAML Single Sign-On and paste to the corresponding fields on the Okta side.
+[[File:Create saml integration step 1.png|1200px|center|link=https://help.simplybook.me/images/3/37/Create_saml_integration_step_1.png]]
+<br><br>
+:6. Set '''Name ID''' and '''Application username''' as in the image below.
+[[File:Create saml integrattion 2.png|1200px|center|link=https://help.simplybook.me/images/3/32/Create_saml_integrattion_2.png]]
+<br><br>
+:7. Scroll the page to '''Attribute settings''' and add the attributes for name, email, id and firstname as in the example.<br>
+:And separately '''group''' attribute in the corresponding block.<br>
+[[File:Saml add attribite statements.png|1200px|center|link=https://help.simplybook.me/images/8/8c/Saml_add_attribite_statements.png]]
+<br><br>
+:On the SimplyBook.me side please make sure the same attributes are indicated in the '''User attributes and claims''' tab.
+<br><br>
+:8. Proceed to the next step.
+[[File:Saml proceed to the next.png|1200px|center|link=https://help.simplybook.me/images/0/03/Saml_proceed_to_the_next.png]]
+<br><br>
+:9. The app is now saved. Please open '''Sign on''' tab and click on ''' on '''More details''' there.
+[[File:Saml sign on more details.png|1200px|center|link=https://help.simplybook.me/images/4/4c/Saml_sign_on_more_details.png]]
+<br><br>
+:10. Copy '''Sign on URL''', '''Sign out URL''', '''Issuer''' and '''Signing certificate''' in Okta and paste them to the corresponding fields in SimplyBook.me SSO-SAML custom feature -> Manage -> Okta SAML Single Sign-On
+[[File:Saml copy urls from okta.png|1200px|center|link=https://help.simplybook.me/images/3/38/Saml_copy_urls_from_okta.png]]
+<br><br>
+:11. Now in Okta interface make sure all necessary employees are added to the system in '''People''' tab.
+[[File:Add people okta.png|1200px|center|link=https://help.simplybook.me/images/b/b7/Add_people_okta.png]]
+<br><br>
+:12. In '''Groups''' tab - create the groups matching the SimplyBook.me access levels. Assign the employees to these groups.
+[[File:Create groups okta.png|1200px|center|link=https://help.simplybook.me/images/c/c0/Create_groups_okta.png]]
+[[File:Assign people to groups okta.png|1200px|center|link=https://help.simplybook.me/images/0/07/Assign_people_to_groups_okta.png]]
+<br><br>
+:13. Assign the groups and people to the application that you've created.
+[[File:Assign applications to groups.png|1200px|center|link=https://help.simplybook.me/images/7/78/Assign_applications_to_groups.png]]
+<br><br>
+:14. In the SimplyBook.me side please indicate the groups names in the '''User groups matching settings''' tab. Save settings.
+<br><br>
+:15. Everything is ready now. Your employees an now log in to your company account at SimplyBook.me with one single click on the Okta panel (the user in SimplyBook.me will be automatically create on the first login with the corresponding rights)
+[[File:Login screen okta.png|1200px|center|link=https://help.simplybook.me/images/0/06/Login_screen_okta.png]]
 <br><br>
 <br><br>
+</translate>