Single Sign-On for Azure Active Directory

Single Sign-On (SSO) allows you to sign in to Bluescape from a centralized identity provider (IDP) such as Microsoft’s Azure Active Directory (Azure AD). This simplifies both user experience and user management. Bluescape supports SSO through IDPs using the SAML 2.0 standard.

Note: These instructions are also applicable to ADFS and ADFS (On-Premise). The only difference is in the name of the default value for user_guid (see step 10 below).

Set Up Instructions

  1. Log in to the Microsoft Azure Portal homepage.

  2. Navigate to Home > [Company Name], then click the Enterprise applications link in the Manage section of the left sidebar menu.

  3. Click the New application button.

  4. On the Add an application screen, select the Non-gallery application option.

  5. In the Add your own application field that opens, enter a name for the new application.

  6. Click Add to open the overview screen for the new application.

  7. Click the Assign users and groups option to grant the appropriate users access to the SSO application.

  8. Click the Set up single sign on icon, then select the SAML option.

The SAML configuration screen appears.

  9. If the fields in the Basic SAML Configuration section are not editable, click the pencil icon in the top-right corner of the section, and then enter the following information in the text fields that appear:

Note: The final part of the following three values, example_id, is only a placeholder. It will be updated later with the actual ID of the SAML provider after the provider is added in Bluescape.

  10. In the User Attributes & Claims section, set the following values:

      Name         Value
      first_name   user.givenname
      last_name    user.surname
      email        user.email
      name         user.principalname
      user_guid    For ADFS and Azure, the default is user.objectid. *
                   For ADFS (On-Premise), the default is ObjectGUID. *

      * If you choose to use a value other than the default, the value must be unique for each user and unchangeable, even if the user’s email changes.

  11. In the SAML Signing Certificate section of the screen, copy the metadata URL that appears in the App Federation Metadata URL row.

  12. Share the metadata link with Bluescape Support, which is setting up the Organization on the Bluescape side. Bluescape Support will then create a new SAML provider and send you its ID.

  13. Navigate to Home > Bluescape > Enterprise applications - All applications, find the newly created app in the list, then click on it.

  14. In the left panel of the main application screen, navigate to Manage > Single sign-on.

  15. If the fields in the Basic SAML Configuration section are not editable, click the pencil icon in the top-right corner of the section, then replace the last part of each value, example_id, with the ID value you got from Bluescape.

  16. Save your changes.
  17. Now that the application setup is complete, you need to add the users or groups to the ADFS application. Consult the Microsoft Knowledge Center if you are unsure how to do this.
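
To confirm the User Attributes & Claims mapping above after a test sign-in, the following added example (not Bluescape or Microsoft code) checks a decoded SAML assertion for the five claim names and for a user_guid that is tied to the email address. It assumes you already have the assertion XML from your own IDP and does not verify its signature; the function names and sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("first_name", "last_name", "email", "name", "user_guid")


def make_assertion(**claims):
    """Build a constructed, unsigned sample assertion for offline testing."""
    attrs = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f"</saml:Attribute>" for k, v in claims.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")


def read_claims(assertion_xml):
    """Return {claim name: [values]} from the assertion's AttributeStatement."""
    claims = {}
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims


def check_claims(assertion_xml):
    """List mapping problems; an empty list means the claims match the table."""
    claims = read_claims(assertion_xml)
    problems = []
    for name in REQUIRED:
        values = [v for v in claims.get(name, []) if v]
        if not values:
            problems.append(f"{name}: missing or empty")
        elif len(values) > 1:
            problems.append(f"{name}: {len(values)} values, expected one")
    guid = next(iter(claims.get("user_guid", [])), "")
    # user_guid must survive an email change, so an address here is a red flag.
    if guid and ("@" in guid or guid in claims.get("email", [])):
        problems.append("user_guid: looks like an email address, which can change")
    return problems


def duplicate_guids(assertions):
    """Given one assertion per user, return user_guid values that are shared."""
    counts = Counter(g for a in assertions for g in read_claims(a).get("user_guid", []))
    return sorted(g for g, n in counts.items() if n > 1)
```

Run check_claims on an assertion from a test account before rolling SSO out, and duplicate_guids across a handful of accounts if you mapped user_guid to anything other than the default.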
