Single Sign-On (SSO) is the most frequently asked-for requirement by our customers looking to incorporate DebtBook into their workflow. SSO enables authentication via an organization’s Identity Provider (IdP) like Google Workspace or Azure AD. DebtBook is compatible with any IdP that supports the SAML protocol. A DebtBook account is still required to access the application.
What You'll Need
To configure Single Sign-On in DebtBook, you'll need to have a DebtBook account with the Admin role assigned to allow you to make changes on behalf of your organization.
You'll also need to have access to a SAML-based identity provider with the permissions required to set up and configure an application or connection to DebtBook. This article assumes that you've begun to set up your identity provider (IdP) to connect with DebtBook. We've created the following guides to provide additional assistance:
Google Workspace Custom SAML App
Configuring Single Sign-On (SSO)
To start, access the Single Sign-On settings from within DebtBook. You will find this in the user menu behind the avatar in the top right corner of the navigation.
The Single Sign-On settings page is where you will get service provider details to configure your identity provider and provide the DebtBook application with information about your identity provider to initiate the connection.
The Service Provider Information section allows you to download a Metadata file in XML format to use in your identity provider configuration. The ACS URL and Entity ID will be required as part of your SAML setup work your organization's IT team will have to perform.
Once your team has begun setting up your identity provider, you will have to copy and paste the Login URL/Single Sign On URL and Entity ID into the settings page along with the certificate contents. This will enable DebtBook to know where to send assertions through the login process.
Once your Identity Provider Settings are filled in you can click the Test Connection button at the top of the page to verify the connection between DebtBook and your identity provider. If successful, you'll see a notice indicating success, and a button labeled Enable will appear. If it does not work, please double-check the settings in DebtBook by comparing them to your identity provider.
Note: DebtBook lowercases all emails when we store them. If you have email addresses with capital letters in your active directory and your identity provider authorization is case sensitive you will need to make adjustments for the configuration to be successful. Depending on your set up you may adjust the email addresses to be all lowercase, or adjust the configuration so that the email comparison does not consider case.
You may click the Enable button to establish Single Sign-On (SSO) as a verified method of authentication for your account. This does not automatically force all users to use SSO. This is configured in a subsequent step.
Require All Users to use Single Sign-On (SSO) for Authentication
The default option for authentication is email/password. Once SSO has been successfully tested for your organization and enabled, you will have an additional option to require all users to use SSO for log in.
To enable this for your DebtBook account, find the Account Security page using the menu shown above. This option is only available to DebtBook users with the Admin role.
Select the Edit button under the Account Requirements section to reveal the log in options for your account.
Choose SSO from the drop-down menu and click Save. Once this option is set, all subsequent login attempts will be routed to your identity provider.
If you encounter an issue after enabling access to your account, you may contact our Support team at firstname.lastname@example.org for further assistance.