Single Sign On (SSO)

Description

Overview

SAML (Security Assertion Markup Language) for SSO (single sign-on) makes it possible for users to authenticate through a company’s identity provider when they log in to the Bizible app. SSO allows a user to authenticate once without needing to authenticate separately to each app. SAML is a necessity for enterprise customers because not all users will have a Salesforce or Google account within their organization. In order to scale, Bizible has developed a SAML solution that can support company identity providers.

Disclaimer: It is likely that companies use different Identity Providers (for example, Ping Identity or Okta). The terms used in the following set-up instructions and in the UI may not directly match those used by your Identity Provider.

Requirements

  • User with AccountAdmin permissions in the Bizible App
  • User with administrative access to the customer’s Identity Provider

Getting Started

To get started, navigate to the Settings > Security > Authentication page in the Bizible application, then switch the Login Type to Custom SSO to see the configuration options. Changes will not take effect until you test your authentication and click the Save button at the bottom of the page.

Process

Bizible Single Sign On requires configuring your Authentication settings in a specific sequence of steps. Follow them in order so that you don’t risk getting locked out of your Bizible account.

  1. Set up the Bizible Application in your Identity Provider. See external documentation for walkthroughs.

    1. When prompted for the Single Sign On URL, Recipient URL, Destination URL, or SAML Assertion Consumer Service (ACS) URL, use https://apps.bizible.com/BizibleSAML2/ReceiveSSORequest
    2. When prompted for the Audience Restriction URL or application-defined unique identifier, use https://BizibleLPM
  2. Switch to Custom SSO in the Bizible Application

    1. Once the Billing Group has been enabled for your Account, you can now navigate to Settings > Security > Authentication
    2. By default, your Login Type will be set to “CRM Users.”
    3. Switch the Login Type to “Custom SSO” to begin the configuration process.
  3. Fill in the connection settings for your Identity Provider configuration

    1. Your Identity Provider might provide an IdP metadata .xml document, from which the required configuration fields can be pulled. Either load in the content of the .xml document or fill out the three fields below from the output obtained during the Identity Provider configuration process. You do not need to complete both.

      1. IdP URL: The URL that Bizible needs to point to in order to authenticate your users into the Bizible application. Sometimes referred to as the “Redirect URL.”
      2. IdP Issuer: A unique identifier of the Identity Provider. Sometimes referred to as the “External Key.”
      3. IdP Certificate: A public key that allows Bizible to verify and validate the signature of all Identity Provider responses.
  4. Set the token expiration for your users in minutes.

    1. Bizible allows a whole number from 1 to 1440 minutes. After a user’s session time has been exceeded, the user will get logged off once they navigate to a new page.
  5. Set up and map your User Attribute settings to the respective First Name, Last Name, and Email Address.

    1. By entering the SAML attributes, Bizible will be able to recognize your users by the information passed through.

      1. Email Attribute: Provide the attribute name that your Identity Provider uses for the user’s email address.
      2. First Name Attribute: Provide the attribute name that your Identity Provider uses for the user’s first name.
      3. Last Name Attribute: Provide the attribute name that your Identity Provider uses for the user’s last name.
    2. Hint: If you test your SAML configuration now, we will parse out the Email, First Name, and Last Name attributes that you can use for this section.

  6. Set up and map your User Role settings to the respective roles or groups classified from your IdP.

    1. Customers have the option of assigning Bizible user roles based on groups defined in their Identity Provider. By entering your SAML attributes, Bizible will be able to map your user’s roles and groups to Bizible user permissions. We highly recommend that you set up these roles so that your Bizible administrator has sufficient rights to update your account.

    2. If no roles or groups are mapped, the default setting is that all employees in the Identity Provider will have Standard user access.

      1. Bizible Standard User: Provide the role or group value for users that should have read-only access to the Bizible application.
      2. Bizible Account Admin User: Provide the role or group value for users that should have administrative access to the Bizible application. This means that the role has access to change configurations and settings related to your Account.
    3. If multiple roles or groups should be mapped to a role, enter each value separated by a comma.

  7. Test the Single Sign On configuration

    1. Before you can hit Save, you will be required to click the Test SAML Authentication button to verify that your settings were configured properly.
    2. If you see a “failure” error, please follow the message and attempt again.
  8. Save your settings and direct your colleagues to use Single Sign On with your new custom Sign In URL.

    1. Important: Once you Save your new Authentication settings, it is possible your session will end once you navigate to a new page because you have disabled login by CRM Users and enabled Custom SSO.
  9. Try it out!

    1. Use your new custom Sign In URL and attempt to log back in to the Bizible Application with your Identity Provider credentials.
    2. The format will look like https://apps.bizible.com/business/[accountName]
    3. Congratulations! You’ve successfully set up Single Sign On into the Bizible Application for your account!

CRM Users (Advanced Setup)

By default, all accounts can access the Bizible application using their CRM credentials. Sometimes, account owners need to limit access to certain roles and not open it to all users with an active CRM license. The Advanced setup will allow you to map your CRM roles and groups to Bizible user permissions.

If no roles or groups are mapped, the default setting is that all active licenses in your CRM will have Standard user access.

  • Bizible Standard User: Provide the role or group value for users that should have read-only access to the Bizible application.
  • Bizible Account Admin User: Provide the role or group value for users that should have administrative access to the Bizible application. This means that the role has access to change configurations and settings related to your Account.

If multiple roles or groups should be mapped to a role, enter each value separated by a comma.

Salesforce Roles

For Salesforce Roles, use the name of each Role. All Roles can be found under the Setup > Manage Users > Roles menu.

Dynamics Roles

For Dynamics Roles, use the name of each Security Role. All Security Roles can be found under the Settings > Security > Security Roles menu.

Google Users

Once Custom SSO has been set up, the Users page will be updated to only show external users that have been added with Google logins. Because all users with access are defined through the SSO configuration, additional external users are listed here.

Only valid Google accounts can be added, and each must have a User Role defined.

External Documentation

Resolution

For technical assistance contact Marketo Engage Customer Support.
