As a Service Provider (SP), B12 offers SSO in accordance with the OpenID Connect (OIDC) / OAuth 2.0 standard. OIDC is supported by the majority of Identity Providers (IdPs), including: Azure AD, ADFS, Google Workspace and Okta.
Permissions
OIDC allows B12 to access the email address, first name and last name of the current user. Of this information, only the email address is used. This identifies the user between your IdP and B12 during a connection.
B12 does not save any data from the SSO. What's more, no write access is granted to B12 by the SSO.
Configuring SSO with B12
From your IdP control panel, add B12 as a new OIDC client/application. If necessary, refer to your IdP documentation.
You'll need the following information:
- Name: B12
- Permissions/scopes: openid, email and profile
- Response type: code
- RedirectURIs:
Once the new client has been added, you should obtain a Client/Application ID and a Client Secret. At this stage, please send us the following information:
- OpenID Connect URL: https://YOUR_URL/.well-known/openid-configuration
- Client ID
- Client Secret
We'll now finalize and deploy the SSO.
User experience
Once SSO has been set up, a “Connect me with [your IdP]” button will appear on your B12 login portal, enabling your organization's users to log in with a single click.
It should be noted that only users with a B12 account will be able to use the SSO connection, and that no user provisioning is performed by the SSO.