Skip to main content
Enterprise Plan Feature: SAML Single Sign-On is available exclusively for workspaces on the Enterprise plan.
For Biqli Enterprise users, you can securely manage your team’s access to Biqli using Microsoft Azure AD (Entra ID) SAML SSO.

Step 1: Create or Select SAML Application

In your Azure Admin console, select Microsoft Entra ID (formerly Azure Active Directory) or search for it in the top search bar.
Select Microsoft Entra ID
From the Manage menu in the left sidebar, select Enterprise Applications.
Select Enterprise Applications
If you already have an existing SAML application, select it from the list and move on to Step 2. Otherwise, click on New application at the top.
New Application
On the next screen, select Create your own application, enter a name such as Biqli, and then click Create.
Create Your Own Application

Step 2: Configure SAML Settings

In the left sidebar under the Manage section, choose Single sign-on, then select SAML.
Select SAML Single Sign-On
In the Basic SAML Configuration section, click Edit.
Basic SAML Configuration Edit
An overlay sheet will appear. Copy the following values and paste them into the basic settings:
Identifier (Entity ID)
https://biq.li/workspaces/{WORKSPACE_SLUG}
Reply URL (Assertion Consumer Service URL)
https://biq.li/saml/acs
Please ensure you replace {WORKSPACE_SLUG} with the slug of the specific workspace in which you are activating Azure AD SAML.
Configure Basic SAML Settings
In the menu bar, click Save to apply your changes.
Save Basic SAML Settings

Step 3: Attribute Mapping

Click Edit on the Attributes & Claims section.
Edit Attributes and Claims
Click Add new claim to map user display names:
Name
Display Name
Namespace
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname
Source attribute
user.displayname
Add New Claim
Click Save after entering the values.
Configure Claim Values
Under Additional claims, verify that the following entries are present:
Claim nameValue
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displaynameuser.displayname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressuser.mail
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennameuser.givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surnameuser.surname
Verify Additional Claims List
Close the claims sheet using the X in the top-right corner.
Close Attributes Sheet

Step 4: Copy the Metadata URL

Scroll down to the third section, SAML Certificates. Locate the App Federation Metadata URL and copy it to your clipboard.
Copy App Federation Metadata URL

Step 5: Configure SAML SSO on Biqli

Navigate to your workspace Security Settings in Biqli. Under the SAML Single Sign-On section, click Configure SAML Single Sign-On.
Biqli Security Settings
In the configuration modal:
  1. Select Identity Provider: Choose Microsoft Entra ID as your SAML provider.
  2. Metadata URL: Paste the App Federation Metadata URL you copied in Step 4.
  3. Test Connection: Verify the connection credentials.
  4. Enable SAML: Toggle on SAML authentication for your workspace.
  5. Save Changes: Click Save changes to finalize.
Biqli SAML Configuration Modal
Once saved, your workspace will be configured to use Azure AD for authentication.

Step 6: Assign Users

Once SAML SSO is active, you can start assigning users and groups to your workspace. To assign users, open your Enterprise Application, go to Users and groups in the left navigation menu, and click Add user/group.
Add Users and Groups
Click on None Selected under Users, choose the users you want to assign on the right panel, click Select, and then click Assign to confirm.
Assign Users to App

Technical Notes

Just-In-Time (JIT) Provisioning: When users sign in for the first time, their Biqli account will be automatically created and assigned to your workspace.
We highly recommend configuring SCIM Directory Sync before assigning users & groups. This ensures that users are automatically provisioned and deactivated in Biqli in real time.