Your IT team can easily set up Single Sign-On (SSO) within Blissbook. To start, you'll need to make them a Teammate (Admin) in your organization. Check out the "Add a Teammate" section of this help article (FYI, we recommend the Tech role for these users).

Direct them to the Single Sign-On settings page (https://your-subdomain.blissbook.com/organization/settings OR, when signed in to Blissbook, click SETTINGS in the side nav. You will start off in the Account Settings tab and once there, click the Enable SSO button within the Authentication section and choose your SSO provider.

Blissbook currently supports Okta, G Suite (Google), Azure/Office365, Okta, generic SAML 2.0, and Active Directory (AD FS). If you're using another SSO provider that you want us to support, contact us and we'll get it set up.

Setting up Azure/Office365 or Google SSO is easy. Just choose one and then click the install button. Done!

Setting up Active Directory, Okta, or others takes a little bit more effort. There are instructions within Blissbook to walk your IT team through the set up - just click the appropriate button within the Single Sign-On drawer to see those details.

If you'd like to send the instructions to your IT team outside of Blissbook, you can do that too.

AD FS: http://help.blissbook.com/en/articles/3116134-ad-fs-sso-integration-guide

Okta: http://help.blissbook.com/en/articles/3116125-okta-sso-integration-guide

Blissbook does not do just-in-time or automated user provisioning upon login. You will need to sync an employee list with Blissbook ahead of time.

One of the main risk mitigation benefits of Blissbook is the ability to track who has NOT logged in or who has NOT signed their acknowledgement. This is who your biggest risks are. Not only do we report on those people in the reporting center, but you can send them reminders or Blissbook can automatically send reminders on your behalf, so you can eliminate those gaps. Blissbook can't do these things if we don't know who all of the employees are who need to access the handbook.

Our SAML and Okta integrations require a choice of a Unique Employee Identifier. If you do not want to match on Email Address or Employee ID, you can use a custom option we call Employee SSO Identifier. This could be an employee's UPN or some other ID that doesn't line up with their Employee ID.

If Blissbook is directly integrating with your HRIS, just tell us which field you'd like to use as the Unique Employee Identifier. We will custom map that from your HRIS and then you'll set your SAML/Okta integration to use Employee SSO Identifier as the Unique Employee Identifier.

If you're syncing a CSV file, you can send this data under the heading "SSO Identifier".

We are happy to have a conversation with you and/or your IT team to make sure you're set up for success. Contact us and we'll set up a time to talk. To make sure the call is efficient and effective, please have your IT team review the instructions and documentation beforehand.