Blinq’s Enforced SSO feature allows a Workspace to force all members to sign in using a specific configured SSO Identity Provider based on the email domain of the user signing in.
In this SAML SSO set up, Azure AD manages your organization's user accounts and credentials and links with Blinq as the service provider for those users. Security Assertion Markup Language (SAML) is a security standard for managing authentication and access.
When you enable SSO with Blinq, the login prompt for your team will change to only allow SSO
To configure enforced SSO with Azure AD you will need:
> A Blinq Business (Enterprise) subscription & Domains to be enabled by our Sales team
> Owner access to your Blinq Account
> Azure AD Admin access
> Have both Blinq & Azure AD open in different Tabs
How enforced SAML SSO works:
- Your team attempts to log in to Blinq via SAML SSO
- Blinq sends a SAML request to the Azure AD
- They are redirected to the Azure AD Login page, to complete login.
- Azure AD checks your team member’s credentials
- Azure AD sends a response to Blinq to verify the team member's identity
- Blinq accepts the response and logs the team member into their Blinq account.
Note:
Blinq uses SAML 2.0 for all SAML SSO configurations. This includes configurations with supported identity providers and any custom configurations.
1. Open Security in Blinq
1. Login to dash.blinq.me
2. Navigate to the Team Members page and confirm that you are listed as the Owner role. Only the Owner can access the correct settings page.
3. Click on the Workspace menu in the top left corner
4. Select Team Settings from the drop down
5. Click into Security from the settings menu.
Keep this tab open while you work. You will need to copy information into Azure AD and vice versa.
2. Configure SSO in Azure AD
1. Navigate to Microsoft Azure (https://portal.azure.com) — it's ok if you use Microsoft 365, this is where you configure Single Sign On for your organisation.
2. Navigate to Enterprise Applications
3. Select New Application
4. Search for Blinq
5. Select Blinq from the search results
6. Click Create to continue
7. Click on Single Sign On from the manage menu
8. Select SAML
9. On Step 1, select Edit in the top right corner
10. Navigate to the Security page in the Blinq Dash and copy the ACS URL. It should look like: https://auth.blinq.me/authorize/callback/ID
11. In Entra, paste this into both a Reply URL (Assertion Consumer Service URL) & Sign on URL.
12. On step 3, SAML Certificates, Click Edit
13. Click the Signing option and select Sign SAML response and assertion
14. Click Save
15. From the section Download the Base64 Certificate, open this in a text editor & copy paste the contents of it into the Certificate field in the Blinq security form.
16. Copy the Login URL into the Single Sign on URL field on the Blinq security form
17. Copy the Microsoft Entra Indentifier into the Indentity Provider Entity ID field in the Blinq security form
18. Toggle on “Enforce SSO for all users” to activate enforced SSO for you users
19. With all fields complete, click Save.
20. Your SSO should now be configured for your organization. All users logging in with email addresses ending in your domain will be directed to log in using SSO.
You can now log out of Blinq, when you log back in, you should be taken through the Azure AD SSO flow.
Was this article helpful?
Articles in this section
- Exporting Blinq contacts to a CRM
- What does the Salesforce Integration Include?
- Exporting Blinq contacts to Salesforce CRM
- Exporting Blinq contacts to HubSpot CRM
- Exporting Blinq contacts to any CRM using Zapier
- SAML integration to Google Workspace
- Establishing an email signature integration with Google Workspace
- Activate the Email Signature sync for Google Workspace
- Disconnect an integration with Google Workspace
- Okta ID - SCIM Provisioning Users