Single Sign-On (SSO) is the ability to use an Identity Provider (IdP) to log into multiple applications using a single login and password. Bill.com supports SSO through select IdPs.
Jump to:
- Which Bill.com accounts are eligible for SSO?
- How do I request SSO?
- What is the cost to enable SSO?
- What information should I have before requesting SSO?
- Which identity providers (IdPs) are supported?
- Do all my users have to use SSO if it's enabled?
Which Bill.com accounts are eligible for SSO?
SSO is currently available for new Bill.com accounts syncing with Sage Intacct, Oracle NetSuite, or QuickBooks Enterprise during this beta phase.
We are looking into supporting additional account types in the future. Stay tuned!
How do I request SSO?
To request SSO for your new Bill.com account, complete the qualification form with as much detail and accuracy as possible to avoid delays. Be sure you have the required information listed below to help complete the form.
After you submit the qualification form, we'll reach out within 1-2 business days with next steps.
What is the cost to enable SSO?
The cost to enable SSO for your Bill.com account is $500.00.
What information should I have before requesting SSO?
To make sure we can successfully enable SSO for your account, we'll ask specific questions on the qualification form. Have all info ready before submitting the form. You may need to contact your IT department for help.
- Will you access Bill.com through a web or mobile interface or via API?
- What's your business website address?
- For which business domain do you need SSO support?
- If you have more than one domain, how many, and what are the names?
- Have a sample user email address to provide.
- Which identity provider (IdP) does your organization use today? (Examples include Okta, Google G-Suite, and Microsoft Azure Active Directory—verify with your IT department if possible)
- What authentication/authorization requests do you currently support?
Note: Bill.com currently only supports SAML (Security Assertion Markup Language) 2.0 or OPENID (OpenID Connect) 2.0 for SSO. - Do you have an IT department with someone who's familiar with these authentication details?
- What authentication/authorization requests do you currently support?
- How many users are in your organization that will require SSO?
- Do you require deep linking support into Bill.com from your portal?
Deep linking is a direct link to a specific bill or item, versus a more general page, such a list of bills to be approved.- If yes, for which specific use cases do you need deep linking?
- Does your organization need a sandbox environment for SSO?
If you have an accountant's console, also have the following information:
- Do all your firm users share the same domain address?
- Do you need your clients to access Bill.com through SSO? If yes, how many?
- Do you have a firm portal where Bill.com is accessed by your employees and clients?
- If yes, do you have email addresses on file for everyone who accesses the portal?
Which identity providers (IdPs) are supported?
These are the current IdPs Bill.com supports. If yours isn't listed, you can still request SSO, as we may be able to add yours after a review, as long as the authentication type is SAML (Security Assertion Markup Language) 2.0 or OPENID (OpenID Connect) 2.0. We don’t support identity providers using OAuth 1.0.
- Okta
- Google GSuite
- Microsoft Azure Active Directory
- OneLogin
- Ping
- Duo
- CyberArk
- Digital Resolve
- JumpCloud
- Rippling
- SecureAuth
Do all my users have to use SSO if it's enabled?
All users with login email addresses on the domain you provide us to whitelist will log into Bill.com through SSO. Users with an email address with a different domain will log in the same way they do today, from the Bill.com login page.
