What is SAML Single Sign On?
SAML Single Sign On allows people to use their company email address and password (the same information that they would use to log in to their work computer) to log in to BC, provided that their BC Server has been set up to allow this. This means that people do not need to remember another separate password for BC.
Can I use SAML Single Sign On?
SAML Single Sign On is supported in BC7.3.0 and above. However it cannot be enabled by default. Some configuration is required to connect the BC Server to the appropriate SAML authentication system. The connection is normally made to a Microsoft Azure application which manages the email addresses of the users belonging to the company. This configuration would normally be organised by the System Administrators through the BC Account Manager, and is usually chargeable work. This page lists the technical information that we would need about the SAML application in order to be able to configure it on your BC Server.
If SAML Single Sign On is enabled on your system, you will see the "Use my corporate Account" button appearing on the login page of your BC server, as shown in the screenshot below.
How to log in if SAML Single Sign On is enabled on your BC Server
- To log in using this method, click on "Use my corporate Account" from the login page.
- Enter your company email address in the first Microsoft Login prompt which appears, and advance to the next step.
- This email address would be the email address that you would use to log in to your company computer.
- This email address must match an email address that is connected with your BC user account.
- Enter the password that you would use to log into your company computer and advance to the next step.
- You should be redirected back to the home page in BC.
Note: You may find that you don't have to enter details of your corporate account in steps 2 and 3 - you may be logged directly into BC. This would happen if you have already authenticated with your Online Microsoft Account, e.g. when accessing any application using Microsoft authentication such as your company’s Intranet or if you signed in Microsoft’s Azure or Office365 ecosystem.
Once you have successfully authenticated, the fact that you chose to log in via SAML will be remembered on this device and browser for 30 days, although this 30 days is renewed each time you visit BC.
If you change browsers or computers, you will need to reauthenticate which will mean clicking the “Use my corporate Account” option again.
Please note that using SAML Single Sign On does not stop your normal BC username and password from working, and it is still possible for users whose accounts are not connected with the SAML authentication system to log in with their BC usernames and passwords. This feature provides an alternative way of logging in rather than forcing all authentication to be carried out through this method.